Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
99
security advisoryslackwarememory leakSlackware 15.0: 2022-320-01 Moderate: Krb5 Integer Overflow And Memory Leak
New krb5 packages are available for Slackware 15.0 and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] krb5 (SSA:2022-320-01) New krb5 packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/krb5-1.19.2-i586-3_slack15.0.txz: Rebuilt. Fixed integer overflows in PAC parsing. Fixed memory leak in OTP kdcpreauth module. Fixed PKCS11 module path search. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-42898 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: Updated package for Slackware x86_64 15.0: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 15.0 package: e3638ff4a9fb699409f9a4623a112395 krb5-1.19.2-i586-3_slack15.0.txz Slackware x86_64 15.0 package: 2d31be5d016b673b7e538c01542147e0 krb5-1.19.2-x86_64-3_slack15.0.txz Slackware -current package: ce91855f960dd066145b684893ebe5b2 n/krb5-1.20.1-i586-1.txz Slackware x86_64 -current package: c803c5fc5d4bd1b36aef2036e1fa2f07 n/krb5-1.20.1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg krb5-1.19.2-i586-3_slack15.0.txz +-----+ . Latest krb5 updates released for Slackware to fix integer overflow issues and memory leaks. Upgrade to version 15.0 now.. Krb5 Update, Slackware Security, Security Patch, Max Memory Leak, Threat Mitigation. . Severity: Important. LinuxSecurity.com Team
Nov 16, 2022
•Important
Slackware
202
security advisorysystem integrityimportant updateopenSUSE 15.2: 2021:1182-1 Important KDC Null Dereference Fix
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:1182-1 Rating: important References: #1188571 Cross-References: CVE-2021-36222 CVSS scores: CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1182=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): krb5-1.16.3-lp152.5.19.1 krb5-client-1.16.3-lp152.5.19.1 krb5-client-debuginfo-1.16.3-lp152.5.19.1 krb5-debuginfo-1.16.3-lp152.5.19.1 krb5-debugsource-1.16.3-lp152.5.19.1 krb5-devel-1.16.3-lp152.5.19.1 krb5-mini-1.16.3-lp152.5.19.1 krb5-mini-debuginfo-1.16.3-lp152.5.19.1 krb5-mini-debugsource-1.16.3-lp152.5.19.1 krb5-mini-devel-1.16.3-lp152.5.19.1 krb5-plugin-kdb-ldap-1.16.3-lp152.5.19.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-lp152.5.19.1 krb5-plugin-preauth-otp-1.16.3-lp152.5.19.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-lp152.5.19.1 krb5-plugin-preauth-pkinit-1.16.3-lp152.5.19.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-lp152.5.19.1 krb5-server-1.16.3-lp152.5.19.1 krb5-server-debuginfo-1.16.3-lp152.5.19.1 - openSUSE Leap 15.2 (x86_64): krb5-32bit-1.16.3-lp152.5.19.1 krb5-32bit-debuginfo-1.16.3-lp152.5.19.1 krb5-devel-32bit-1.16.3-lp152.5.19.1 References: https://www.suse.com/security/cve/CVE-2021-36222.html https://bugzilla.suse.com/1188571 . An update for openSUSE addresses a KDC null pointer dereference, enhancing the security of krb5 and safeguarding the integrity of the system.. openSUSE Update, krb5 Security Patch, KDC Issue Fixes, Important Security Update. . Severity: Important. LinuxSecurity.com Team
Aug 23, 2021
•Important
OpenSUSE
100
security advisoryremote executionimportant updateSUSE: 2012:0010-1 Critical: krb5 Remote Code Execution Fix
An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.. SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0010-1 Rating: important References: #596826 #650650 #698471 #738632 Cross-References: CVE-2011-4862 Affected Products: SUSE Linux Enterprise Server 10 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update of krb5 fixes several security issues. * CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. (This only affects the ktelnetd from the krb5-appl RPM, not the regular telnetd supplied by SUSE.) * CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd unauthorized file access problems. * CVE-2010-1323 / MITKRB5-SA-2010-007: Fixed multiple checksum handling vulnerabilities, where: o krb5 clients might have accepted unkeyed SAM-2 challenge checksums o krb5 might have accepted KRB-SAFE checksums with low-entropy derived keys * CVE-2010-1321, MITKRB5-SA-2010-005: Fixed GSS-API library null pointer dereference Security Issue reference: * CVE-2011-4862 Indications: Please install this update. Package List: - SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64): krb5-1.4.3-19.43.37.1 krb5-apps-clients-1.4.3-19.43.37.1 krb5-apps-servers-1.4.3-19.43.37.1 krb5-client-1.4.3-19.43.37.1 krb5-devel-1.4.3-19.43.37.1 krb5-server-1.4.3-19.43.37.1 - SUSE Linux Enterprise Server 10 SP2 (s390x x86_64): krb5-32bit-1.4.3-19.43.37.1 krb5-devel-32bit-1.4.3-19.43.37.1 References: https://www.suse.com/security/cve/CVE-2011-4862.html https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 . SUSE Security Patch for OpenSSL addresses critical vulnerabilities. Essential update released for users immediately.. SUSE Security, Remote Execution Patch, krb5 Update, Security Issues. . Severity: Important. LinuxSecurity.com Team
Jan 05, 2012
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!