*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: libkrb53

References:
GLSA 200803-31 (http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml)
MDVSA-2008:069 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:069)

Quoting GLSA 200803-31:
"Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: 
usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) 
and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() 
function (CVE-2007-5971)."

Quoting MDVSA-2008:069:
"Multiple memory management flaws were found in the GSSAPI library
used by Kerberos that could result in the use of already freed memory
or an attempt to free already freed memory, possibly leading to a
crash or allowing the execution of arbitrary code (CVE-2007-5901,
CVE-2007-5971)."

** Affects: krb5 (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5971

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5901

-- 
[CVE-2007-5971] Kerberos vulnerability
https://bugs.launchpad.net/bugs/210172
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
