Derek Chan discovered that the PAM module for the Heimdal Kerberos implementation allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to local privilege escalation. For the stable distribution , this problem has been fixed in version 2.5-1etch1. For the upcoming stable distribution , this problem has been fixed in version 3.10-2.1. For the unstable distribution , this problem will be fixed soon. We recommend that you upgrade your libpam-heimdal package.