
Mageia 8: 2022-0467 Critical: Krb5 Remote Execution And DoS Issue

December 17, 2022
Recent updates to krb5 packages address severe security vulnerabilities, encompassing risks related to remote code execution and potential denial of service attacks.

Summary

Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).
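One overflow-safe way to validate the counts, sizes and offsets in a PAC header, the class of check this kind of flaw concerns. This is an added example, not krb5's code and not part of the advisory; the header layout is assumed from the public MS-PAC specification, and `pac_header_ok` and the two sample buffers are hypothetical names constructed here.

```c
/* Added example, not krb5 source. Layout assumed from the public MS-PAC
 * spec: PACTYPE = cBuffers (u32 LE), Version (u32 LE), then cBuffers
 * PAC_INFO_BUFFER entries = ulType (u32), cbBufferSize (u32), Offset (u64). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PACTYPE_LEN  8u
#define INFO_BUF_LEN 16u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) {
    return (uint64_t)rd32(p) | (uint64_t)rd32(p + 4) << 32;
}

/* 0 if every count, size and offset fits in the len-byte input, else -1.
 * No product or sum is formed before it is known not to wrap. */
int pac_header_ok(const uint8_t *data, size_t len) {
    if (data == NULL || len < PACTYPE_LEN)
        return -1;
    uint32_t count = rd32(data);
    if (count == 0 || rd32(data + 4) != 0)        /* Version must be 0 */
        return -1;
    /* count * 16 can wrap in 32 bits, so divide the space left instead. */
    if (count > (len - PACTYPE_LEN) / INFO_BUF_LEN)
        return -1;
    size_t header_len = PACTYPE_LEN + (size_t)count * INFO_BUF_LEN;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = data + PACTYPE_LEN + (size_t)i * INFO_BUF_LEN;
        uint32_t size = rd32(e + 4);
        uint64_t off = rd64(e + 8);
        /* off + size can wrap in 64 bits, so compare by subtraction. */
        if (off < header_len || off > len || size > len - off)
            return -1;
    }
    return 0;
}

/* Constructed inputs: one well-formed PAC, one with cBuffers = 0x10000001. */
const uint8_t sample_ok[32]   = {1,0,0,0,    0,0,0,0, 1,0,0,0, 8,0,0,0, 24};
const uint8_t sample_wrap[32] = {1,0,0,0x10, 0,0,0,0, 1,0,0,0, 8,0,0,0, 24};

int main(void) {
    printf("ok=%d wrap=%d\n", pac_header_ok(sample_ok, sizeof sample_ok),
           pac_header_ok(sample_wrap, sizeof sample_wrap));
    return 0;
}
```

The second sample carries a buffer count whose product with the 16-byte entry size wraps to a small value in 32-bit arithmetic; the division-based check rejects it without ever forming that product.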

References

- https://bugs.mageia.org/show_bug.cgi?id=31157

- https://lists.debian.org/debian-security-announce/2022/msg00257.html


- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KNFBR437JQZXMPIT2AJCTGKUTQAFEMBY/

- https://www.cve.org/CVERecord?id=CVE-2022-42898

Resolution

SRPMS

- 8/core/krb5-1.18.3-1.3.mga8

Severity: critical

Publication date: 17 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0467.html
Type: security
CVE: CVE-2022-42898
