A double-free flaw was found in the way the MIT Kerberos KDC handled
initial authentication requests (AS-REQ), when the KDC was configured to
provide the PKINIT capability. A remote attacker could use this flaw to
cause the KDC daemon to abort by using a specially-crafted AS-REQ
request. (CVE-2011-0284)
After installing the updated packages, the krb5kdc daemon will be
restarted automatically.