Fedora Core 2: FEDORA-2004-277 Critical: krb5 Double-Free Issues

Kerberos V5 is a trusted-third-party network authentication system,

which can improve your network's security by eliminating the insecure

practice of cleartext passwords.

Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.

Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.

A double-free bug was also found in the krb524 server (CAN-2004-0772), however this issue does not affect Fedora Core.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.

* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-6

- rebuild

* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-5

- incorporate revised fixes from ...