openSUSE 10 Security Update : krb5 (krb5-6139)
Critical Nessus Plugin ID 36122
SynopsisThe remote openSUSE host is missing a security update.
DescriptionClients sending negotiation requests with invalid flags could crash the kerberos server (CVE-2009-0845).
GSS-API clients could crash when reading from an invalid address space (CVE-2009-0844).
Invalid length checks could crash applications using the kerberos ASN.1 parser (CVE-2009-0847).
Under certain circumstances the ASN.1 parser could free an uninitialized pointer which could crash a kerberos server or even lead to execution of arbitrary code (CVE-2009-0846).
SolutionUpdate the affected krb5 packages.