Synopsis: Important: krb5 security update Issue date: 2007-09-07 CVE Names: CVE-2007-4743 The MIT Kerberos Team discovered a problem with the originally published patch for svc_auth_gss.c (CVE-2007-3999). A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-4743) SL 5.x SRPMS: krb5-devel-1.5-29.src.rpm i386: krb5-devel-1.5-29.i386.rpm krb5-libs-1.5-29.i386.rpm krb5-server-1.5-29.i386.rpm krb5-workstation-1.5-29.i386.rpm x86_64: krb5-devel-1.5-29.i386.rpm krb5-devel-1.5-29.x86_64.rpm krb5-libs-1.5-29.i386.rpm krb5-libs-1.5-29.x86_64.rpm krb5-server-1.5-29.x86_64.rpm krb5-workstation-1.5-29.x86_64.rpm -Connie Sieh -Troy Dawson