Synopsis:	Important: krb5 security update
Issue date:	2010-05-18
CVE Names:	CVE-2010-1321

A NULL pointer dereference flaw was discovered in the MIT Kerberos 
Generic Security Service Application Program Interface (GSS-API) 
library. A remote, authenticated attacker could use this flaw to crash 
any server application using the GSS-API authentication mechanism, by 
sending a specially-crafted GSS-API token with a missing checksum field. 
(CVE-2010-1321)

All running services using the MIT Kerberos libraries must be restarted 
for the update to take effect.

SL 3.0.x

       SRPMS:
krb5-1.2.7-72.src.rpm
       i386:
krb5-devel-1.2.7-72.i386.rpm
krb5-libs-1.2.7-72.i386.rpm
krb5-server-1.2.7-72.i386.rpm
krb5-workstation-1.2.7-72.i386.rpm
       x86_64:
krb5-devel-1.2.7-72.x86_64.rpm
krb5-libs-1.2.7-72.i386.rpm
krb5-libs-1.2.7-72.x86_64.rpm
krb5-server-1.2.7-72.x86_64.rpm
krb5-workstation-1.2.7-72.x86_64.rpm

SL 4.x

       SRPMS:
krb5-1.3.4-62.el4_8.2.src.rpm
       i386:
krb5-devel-1.3.4-62.el4_8.2.i386.rpm
krb5-libs-1.3.4-62.el4_8.2.i386.rpm
krb5-server-1.3.4-62.el4_8.2.i386.rpm
krb5-workstation-1.3.4-62.el4_8.2.i386.rpm
       x86_64:
krb5-devel-1.3.4-62.el4_8.2.x86_64.rpm
krb5-libs-1.3.4-62.el4_8.2.i386.rpm
krb5-libs-1.3.4-62.el4_8.2.x86_64.rpm
krb5-server-1.3.4-62.el4_8.2.x86_64.rpm
krb5-workstation-1.3.4-62.el4_8.2.x86_64.rpm

SL 5.x

       SRPMS:
krb5-1.6.1-36.el5_5.4.src.rpm
       i386:
krb5-devel-1.6.1-36.el5_5.4.i386.rpm
krb5-libs-1.6.1-36.el5_5.4.i386.rpm
krb5-server-1.6.1-36.el5_5.4.i386.rpm
krb5-workstation-1.6.1-36.el5_5.4.i386.rpm
       x86_64:
krb5-devel-1.6.1-36.el5_5.4.i386.rpm
krb5-devel-1.6.1-36.el5_5.4.x86_64.rpm
krb5-libs-1.6.1-36.el5_5.4.i386.rpm
krb5-libs-1.6.1-36.el5_5.4.x86_64.rpm
krb5-server-1.6.1-36.el5_5.4.x86_64.rpm
krb5-workstation-1.6.1-36.el5_5.4.x86_64.rpm

-Connie Sieh
-Troy Dawson