RHSA-2011:1379-01 -- Redhat krb5ID: oval:org.secpod.oval:def:500043 | Date: (C)2012-01-31 (M)2021-09-11 |
Class: PATCH | Family: unix |
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP or Berkeley Database back end. A remote attacker could use these flaws to crash the KDC. Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original reporter of CVE-2011-1527. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
Platform: |
Red Hat Enterprise Linux 6 |