Synopsis: Important: krb5 security update Issue date: 2010-11-10 CVE Names: CVE-2010-1322 An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled TGS (Ticket-granting Server) request messages. A remote, authenticated attacker could use this flaw to crash the KDC or, possibly, disclose KDC memory or execute arbitrary code with the privileges of the KDC (krb5kdc). (CVE-2010-1322) After installing the updated packages, the krb5kdc daemon will be restarted automatically. SL 6.x SRPMS: krb5-1.8.2-3.el6_0.1.src.rpm i386: krb5-devel-1.8.2-3.el6_0.1.i686.rpm krb5-libs-1.8.2-3.el6_0.1.i686.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.i686.rpm krb5-server-1.8.2-3.el6_0.1.i686.rpm krb5-server-ldap-1.8.2-3.el6_0.1.i686.rpm krb5-workstation-1.8.2-3.el6_0.1.i686.rpm x86_64: krb5-devel-1.8.2-3.el6_0.1.i686.rpm krb5-devel-1.8.2-3.el6_0.1.x86_64.rpm krb5-libs-1.8.2-3.el6_0.1.i686.rpm krb5-libs-1.8.2-3.el6_0.1.x86_64.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-ldap-1.8.2-3.el6_0.1.i686.rpm krb5-server-ldap-1.8.2-3.el6_0.1.x86_64.rpm krb5-workstation-1.8.2-3.el6_0.1.x86_64.rpm -Connie Sieh -Troy Dawson