Fixed versions: 1.12.1+dfsg-19+deb8u7 (jessie), 1.15-1+deb9u4 (stretch)
It was discovered that there was a potential Denial of Service (DoS) attack against krb5, a suite of tools implementing the Kerberos authentication system. An integer overflow in PAC parsing could have been exploited if a cross-realm entity acted maliciously.
For Debian 8 jessie, these problems have been fixed in version 1.12.1+dfsg-19+deb8u7.
For Debian 9 stretch, these problems have been fixed in version 1.15-1+deb9u4.
We recommend that you upgrade your krb5 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.