From secunia security advisory at $URL:
The vulnerability is caused due to a boundary error within the "encrypt_keyid()" function (appl/telnet/libtelnet/encrypt.c) of telnetd, which can be exploited to cause a buffer overflow by sending specially crafted commands to the server.
This is related to:
SA47397 ( https://secunia.com/advisories/47397/ )
The vulnerability is confirmed in version 1.5.1. Other versions may also be affected.
+*heimdal-1.5.1-r1 (27 Dec 2011)
+ 27 Dec 2011; Eray Aslan <firstname.lastname@example.org> +heimdal-1.5.1-r1.ebuild,
+ +files/CVE-2011-4862.patch, +files/heimdal_missing-include.patch:
+ security bump - bug #396105
@security: Please stabilize =app-crypt/heimdal-1.5.1-r1. Thank you.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
/etc/init.d/heimdal-kpasswdd returns crashed status after start, I guess is not expected,
Please tell me if you prefer take a look if it works on a way different to other bug( e.g. irc )
Missing anyway the following rdep:
(In reply to comment #3)
> /etc/init.d/heimdal-kpasswdd returns crashed status after start, I guess is not
Eras said on irc that is expected if kerberos is not configured properly
rdeps added. Thanks.
For the record, kpasswdd will crash if kerberos is not configured. Known problem/bug.
Stable for HPPA (bug #396105 will be solved later, and can be worked around with USE=-X, which should not be a huge problem since most HPPA users won't be using X much anyway).
New glsa draft filed. Thanks everyone.
This issue was resolved and addressed in
GLSA 201202-05 at http://security.gentoo.org/glsa/glsa-201202-05.xml
by GLSA coordinator Sean Amoss (ackle).