From secunia security advisory at $URL: Description A weakness has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error in the "check_1_6_dummy()" function in src/lib/kadm5/srv/svr_principal.c. This can be exploited to cause a crash via a create-principal request containing no password but the KRB5_KDB_DISALLOW_ALL_TIX flag. Successful exploitation requires an administrator account with "create" privileges. The weakness is reported in versions prior to 1.10.2. Solution Update to version 1.10.2.
+*mit-krb5-1.10.2 (05 Jun 2012) + + 05 Jun 2012; Eray Aslan <eras@gentoo.org> +mit-krb5-1.10.2.ebuild: + security bump - bug #419765 + @security. We can stabilize =app-crypt/mit-krb5-1.10.2. But there are some keywords missing. Please see bug #412489.
Thanks, Eray. Given the administrator requirement I think we're ok waiting for bug 412489.
CVE-2012-1013 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1013): The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password. CVE-2012-1012 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1012): server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
+*mit-krb5-1.9.4 (23 Jun 2012) + + 23 Jun 2012; Eray Aslan <eras@gentoo.org> +mit-krb5-1.9.4.ebuild: + security bump - bug #419765 + @security: mit-krb5-1.9.4 is released with the fix. We might want to stabilize =app-crypt/mit-krb5-1.9.4 - which has all the keywords - instead of waiting for mit-krb5-1.10.2.
Thanks Eras. Arches, please test and mark stable: =app-crypt/mit-krb5-appl-1.9.4 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64 stable
x86 stable
Improvements in the test suite over the old stable. Stable for HPPA.
alpha/arm/ia64/s390/sh/sparc stable
ppc stable
@ppc64, you will continue in bug 429324 @security, please vote.
Thanks, everyone. GLSA Vote: no.
Vote: NO, closing noglsa.