SuSE 10 Security Update : Kerberos (ZYPP Patch Number 6140)
Critical Nessus Plugin ID 41542
The remote SuSE 10 host is missing a security-related patch.
Clients sending negotiation requests with invalid flags could crash the kerberos server. (CVE-2009-0845) GSS-API clients could crash when reading from an invalid address space. (CVE-2009-0844) Invalid length checks could crash applications using the kerberos ASN.1 parser. (CVE-2009-0847) Under certain circumstances the ASN.1 parser could free an uninitialized pointer which could crash a kerberos server or even lead to execution of arbitrary code. (CVE-2009-0846)