mod_auth_kerb is module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP.
An off by one flaw was found in the way mod_auth_kerb handles certain Kerberos authentication messages. A remote client could send a specially crafted authentication request which could crash an httpd child process (CVE-2006-5989).
A bug in the handling of multiple realms configured using the "KrbAuthRealms" directive has also been fixed.
All users of mod_auth_kerb should upgrade to these updated packages, which contain backported patches that resolve these issues.