Synopsis: Moderate: krb5 security update
Issue Date: 2011-04-14
CVE Numbers: CVE-2011-0285
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).
An invalid free flaw was found in the password-changing capability of the
MIT Kerberos administration daemon, kadmind. A remote, unauthenticated
attacker could use this flaw to cause kadmind to abort via a
specially-crafted request. (CVE-2011-0285)
All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the kadmind daemon will be restarted automatically.
– Scientific Linux Development Team