A vulnerability was found in several independently developed implementations of Kerberos which caused that metadata were taken from the unauthenticated plaintext (the Ticket) rather than the authenticated and encrypted KDC response.
This issue does not affect the version of MIT Kerberos implementation as shipped with Red Hat Enterprise Linux. This issue also does not affect the version of Samba as shipped with Red Hat Enterprise Linux.
Created heimdal tracking bugs for this issue:
Affects: fedora-all [bug 1469998]