[Bug 210172] [NEW] [CVE-2007-5971] Kerberos vulnerability
Launchpad Bug Tracker
210172 at bugs.launchpad.net
Mon Apr 7 02:18:10 BST 2008
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
Binary package hint: libkrb53
References:
GLSA 200803-31 (http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml)
MDVSA-2008:069 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:069)
Quoting GLSA 200803-31:
"Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() function (CVE-2007-5971)."
Quoting MDVSA-2008:069:
"Multiple memory management flaws were found in the GSSAPI library
used by Kerberos that could result in the use of already freed memory
or an attempt to free already freed memory, possibly leading to a
crash or allowing the execution of arbitrary code (CVE-2007-5901,
CVE-2007-5971)."
** Affects: krb5 (Ubuntu)
Importance: Medium
Assignee: Ubuntu Backporters (ubuntu-backporters)
Status: Triaged
--
[CVE-2007-5971] Kerberos vulnerability
https://bugs.edge.launchpad.net/bugs/210172
You received this bug notification because you are a member of Ubuntu Backporters, which is a bug assignee.
More information about the ubuntu-backports
mailing list