USN-4314-1: pam-krb5 vulnerability
31 March 2020
pam-krb5 could be made to execute arbitrary code if it received a specially crafted response.
- libpam-krb5 - PAM module for MIT Kerberos
Russ Allbery discovered that pam-krb5 incorrectly handled some responses.
An attacker could possibly use this issue to execute arbitrary code.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.