CVE-2017-11462

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A double free vulnerability has been discovered in MIT Kerberos 5 (aka krb5) allowing attackers to crash the application or possibly execute arbitrary code via vectors involving automatic deletion of security contexts on error.
Group    Package     Affected  Fixed     Severity  Status  Ticket
AVG-415  lib32-krb5  1.15.1-1  1.15.2-1  High      Fixed
AVG-414  krb5        1.15.1-1  1.15.2-1  High      Fixed
Date         Advisory      Group    Package     Severity  Description
05 Oct 2017  ASA-201710-9  AVG-415  lib32-krb5  High      arbitrary code execution
05 Oct 2017  ASA-201710-8  AVG-414  krb5        High      multiple issues
References
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
https://bugzilla.redhat.com/show_bug.cgi?id=1488873
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf