Scientific Linux Security Update : krb5 on SL7.x x86_64
Medium Nessus Plugin ID 95842
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
The following packages have been upgraded to a newer upstream version:
Security Fix(es) :
- A NULL pointer dereference flaw was found in the MIT Kerberos kadmind service. If kadmind was configured to use the LDAP KDB module, an authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command. (CVE-2016-3119)
- A NULL pointer dereference flaw was found in the MIT Kerberos krb5kdc service. If the restrict_anonymous_to_tgt option was set to true, an authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request.
Additional Changes :
Solution
Update the affected packages.