A vulnerability has been found and corrected in krb5: Certain invalid GSS-API tokens can cause a GSS-API acceptor to crash due to a null pointer dereference in the GSS-API library . Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.