openSUSE Security Update : krb5 (openSUSE-SU-2011:1169-1)
High Nessus Plugin ID 75885
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe following issues have been fixed :
- CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure.
- CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a NULL pointer dereference.
Both bugs could be triggered by unauthenticated remote attackers.
Additionally CVE-2011-1526 was fixed that allowed authenticated users to access files via krb5 ftpd they should not have access to.
SolutionUpdate the affected krb5 packages.