Is the vulnerability CVE-2017-11462 applicable to older MIT Kerberos 5 releases?
sergeem at yahoo.com
Sun Dec 3 05:10:53 EST 2017
We're using a 3rd party software integrated with the MIT Kerberos 5 library version 1.9.1. This is used to communicate to MS Active Directory in Linux. I found a fix is available for the latest versions 1.13, 1.14, 1.15: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598. However should we apply (back port) the fix to our library 1.9.1? I know that they made few patches in the original MIT Kerberos code, I'm in doubt about an upgrade option.
More information about the krbdev