MGASA-2016-0123

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2016-3119

Published: 25 Mar 2016, 06:38

Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Mar 2016, 06:38

Published

Vulnerability first disclosed

16 Apr 2026, 06:25

Last Modified

Vulnerability information updated

Description

Updated krb5 packages fix security vulnerability It was reported that in all versions of MIT krb5, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module (CVE-2016-3119). The krb5 package has been updated to version 1.12.5 and patched to fix this issue and other bugs.

Affected Systems

mageia•krb5
< 1.12.5-1.mga5

References (4)

https://advisories.mageia.org/MGASA-2016-0123.html
https://bugs.mageia.org/show_bug.cgi?id=18058
http://web.mit.edu/kerberos/krb5-1.12/krb5-1.12.5.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179220.html