Debian: DSA-2031-1 Critical: Krb5 Kadmin Daemon Crash Risk

April 11, 2010
A security flaw in krb5's kadmind service lets remote authenticated users crash the daemon, necessitating an immediate update to the software package.

Summary


Sol Jerome discovered that the kadmind service in krb5, a system for authenticating
users and services on a network, allows remote authenticated users to cause a
denial of service (daemon crash) via a request from a kadmin client that sends
an invalid API version number.


For the stable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny3.

The testing distribution (squeeze), and the unstable distribution (sid) are
not affected by this issue.

We recommend that you upgrade your krb5 package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian (stable)
---------------

Stable upda...


Severity: critical

Package: krb5
CVE ID: CVE-2010-0629
