Updated mod_auth_kerb packages that fix a security flaw and a bug in
multiple realm handling are now available for CentOS Linux 4.
This update has been rated as having low security impact by the CentOS
Security Response Team.
mod_auth_kerb is module for the Apache HTTP Server designed to
provide Kerberos authentication over HTTP.
An off by one flaw was found in the way mod_auth_kerb handles certain
Kerberos authentication messages. A remote client could send a specially
crafted authentication request which could crash an httpd child process
A bug in the handling of multiple realms configured using the
"KrbAuthRealms" directive has also been fixed.
All users of mod_auth_kerb should upgrade to these updated packages, which
contain backported patches that resolve these issues.