From ${URL} : Flaws were found in the way MIT Kerberos handled RFC 1964 tokens. A man-in-the-middle attacker able to inject packets into an application's GSS-API session could use this flaw to crash the application. References: http://diswww.mit.edu:8008/menelaus.mit.edu/cvs-krb5/28388 https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-4341 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341): MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
CVE-2014-4342 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4342): MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
This issue was resolved and addressed in GLSA 201412-53 at http://security.gentoo.org/glsa/glsa-201412-53.xml by GLSA coordinator Mikle Kolyada (Zlogene).
