Synopsis: Important: krb5 security update Issue date: 2007-09-04 CVE Names: CVE-2007-3999 CVE-2007-4000 Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999) Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-4000) SL 5.x SRPMS: krb5-1.5-28.src.rpm i386: krb5-devel-1.5-28.i386.rpm krb5-libs-1.5-28.i386.rpm krb5-server-1.5-28.i386.rpm krb5-workstation-1.5-28.i386.rpm x86_64: krb5-devel-1.5-28.i386.rpm krb5-devel-1.5-28.x86_64.rpm krb5-libs-1.5-28.i386.rpm krb5-libs-1.5-28.x86_64.rpm krb5-server-1.5-28.x86_64.rpm krb5-workstation-1.5-28.x86_64.rpm -Connie Sieh -Troy Dawson