Mandriva Linux Security Advisory 2010-246 - Multiple vulnerabilities were discovered and corrected in krb5. An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. An unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted pre-existing application session uses a DES session key. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
100c7557ed59ca637d4f6b0069c888d50046989349e8acc0e9bed9cabffe8976