AVG-505

Package krb5
Status Not affected
Severity Critical
Type arbitrary code execution
Affected 1.15.2-1
Fixed Not affected
Current 1.16.1-1 [core]
Ticket None
Created Sun Nov 19 14:54:10 2017
Issue Severity Remote Type Description
CVE-2017-15088 Critical Yes Arbitrary code execution
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote...
References
https://github.com/krb5/krb5/pull/707
Notes
Marking as not affected, since it looks specific to Red Hat.