MITKRB5-SA-2003-001: Multiple vulnerabilities in old releases of MIT Kerberos

Sam Hartman hartmans at
Wed Jan 29 13:29:23 EST 2003

>>>>> "Andreas" == Andreas Hasenack <andreas at> writes:

    Andreas> Em Tue, Jan 28, 2003 at 04:58:13PM -0500, Ken Raeburn
    Andreas> escreveu: (...)

    >> SUMMARY =======
    >> Multiple vulnerabilities have been found in MIT Kerberos 5
    >> releases prior to release 1.2.5.  MIT recommends updating to
    >> 1.2.7 if possible.

    Andreas> Do you realize that version 1.2.7 is still not available
    Andreas> to the rest of the free world?

It is certainly in Debian; the tarball is the same.  Feel free to
check the signature against the MIT release.  We do provide the
signature on the web page.

More information about the krbdev mailing list