Fedora has issued an advisory on March 22: https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179220.html Updated and patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated krb5 packages fix security vulnerabilities: It was reported that in all versions of MIT krb5, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module (CVE-2016-3119). The krb5 package has been updated to version 1.12.5 and patched to fix this issue and other bugs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119 http://web.mit.edu/kerberos/krb5-1.12/krb5-1.12.5.html https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179220.html ======================== Updated packages in core/updates_testing: ======================== krb5-1.12.5-1.mga5 libkrb53-devel-1.12.5-1.mga5 libkrb53-1.12.5-1.mga5 krb5-server-1.12.5-1.mga5 krb5-server-ldap-1.12.5-1.mga5 krb5-workstation-1.12.5-1.mga5 krb5-pkinit-openssl-1.12.5-1.mga5 from krb5-1.12.5-1.mga5.src.rpm
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Krb5
Whiteboard: (none) => has_procedure
MGA5-32 on Acer D620 Xfce No installation issues Completed test procedure as per Comment1 : all OK.
CC: (none) => herman.viaeneWhiteboard: has_procedure => has_procedure MGA5-32-OK
Validating. Advisory todo.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => davidwhodginsWhiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0123.html
Status: NEW => RESOLVEDResolution: (none) => FIXED