MDVSA-2009:082 -- Mandriva krb5ID: oval:org.secpod.oval:def:300570 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service via invalid ContextFlags data in the reqFlags field in a negTokenInit token . This update provides the fix for that security issue.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2008.1 |
Mandriva Linux 2008.0 |