Main Vulnerability Database SB2017100517

SB2017100517 - Arch Linux update for lib32-krb5

Published: October 5, 2017

Security Bulletin ID SB2017100517

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Double free error (CVE-ID: CVE-2017-11462)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to double free during the automatic deletion of security contexts on error by the GSS-API. A remote attacker can delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context(), trigger memory corruption and cause denial of service or execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://security.archlinux.org/advisory/ASA-201710-9