# Security update for krb5

Announcement ID: SUSE-SU-2024:0999-1
Rating: important
References:

* bsc#1220770
* bsc#1220771

Cross-References:

* CVE-2024-26458
* CVE-2024-26461

CVSS scores:

* CVE-2024-26458 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26461 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for krb5 fixes the following issues:

* CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
* CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-999=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-999=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-999=1

## Package List:

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * krb5-plugin-preauth-pkinit-1.16.3-150100.3.33.1
  * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.33.1
  * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.33.1
  * krb5-server-1.16.3-150100.3.33.1
  * krb5-debugsource-1.16.3-150100.3.33.1
  * krb5-devel-1.16.3-150100.3.33.1
  * krb5-plugin-preauth-otp-1.16.3-150100.3.33.1
  * krb5-client-debuginfo-1.16.3-150100.3.33.1
  * krb5-client-1.16.3-150100.3.33.1
  * krb5-server-debuginfo-1.16.3-150100.3.33.1
  * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.33.1
  * krb5-1.16.3-150100.3.33.1
  * krb5-plugin-kdb-ldap-1.16.3-150100.3.33.1
  * krb5-debuginfo-1.16.3-150100.3.33.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
  * krb5-32bit-debuginfo-1.16.3-150100.3.33.1
  * krb5-32bit-1.16.3-150100.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * krb5-plugin-preauth-pkinit-1.16.3-150100.3.33.1
  * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.33.1
  * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.33.1
  * krb5-server-1.16.3-150100.3.33.1
  * krb5-debugsource-1.16.3-150100.3.33.1
  * krb5-devel-1.16.3-150100.3.33.1
  * krb5-plugin-preauth-otp-1.16.3-150100.3.33.1
  * krb5-client-debuginfo-1.16.3-150100.3.33.1
  * krb5-client-1.16.3-150100.3.33.1
  * krb5-server-debuginfo-1.16.3-150100.3.33.1
  * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.33.1
  * krb5-1.16.3-150100.3.33.1
  * krb5-plugin-kdb-ldap-1.16.3-150100.3.33.1
  * krb5-debuginfo-1.16.3-150100.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * krb5-32bit-debuginfo-1.16.3-150100.3.33.1
  * krb5-32bit-1.16.3-150100.3.33.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * krb5-plugin-preauth-pkinit-1.16.3-150100.3.33.1
  * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.33.1
  * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.33.1
  * krb5-server-1.16.3-150100.3.33.1
  * krb5-debugsource-1.16.3-150100.3.33.1
  * krb5-devel-1.16.3-150100.3.33.1
  * krb5-plugin-preauth-otp-1.16.3-150100.3.33.1
  * krb5-client-debuginfo-1.16.3-150100.3.33.1
  * krb5-client-1.16.3-150100.3.33.1
  * krb5-server-debuginfo-1.16.3-150100.3.33.1
  * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.33.1
  * krb5-1.16.3-150100.3.33.1
  * krb5-plugin-kdb-ldap-1.16.3-150100.3.33.1
  * krb5-debuginfo-1.16.3-150100.3.33.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
  * krb5-32bit-debuginfo-1.16.3-150100.3.33.1
  * krb5-32bit-1.16.3-150100.3.33.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26458.html
* https://www.suse.com/security/cve/CVE-2024-26461.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220770
* https://bugzilla.suse.com/show_bug.cgi?id=1220771
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2695-1
Container Tags        : bci/node:16 , bci/node:16-9.30 , bci/nodejs:16 , bci/nodejs:16-9.30
Container Release     : 9.30
Severity              : important
Type                  : security
References            : 1213514 1214054 CVE-2022-41409 CVE-2023-36054
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3325-1
Released:    Wed Aug 16 08:26:08 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1214054,CVE-2023-36054

This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3327-1
Released:    Wed Aug 16 08:45:25 2023
Summary:     Security update for pcre2
Type:        security
Severity:    moderate
References:  1213514,CVE-2022-41409

This update for pcre2 fixes the following issues:

- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).

The following package changes have been done:

- krb5-1.20.1-150500.3.3.1 updated
- libpcre2-8-0-10.39-150400.4.9.1 updated
- container:sles15-image-15.0.0-36.5.25 updated
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: krb5 security, bug fix, and enhancement update
Advisory ID:       RHSA-2023:2570-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2570
Issue date:        2023-05-09
CVE Names:         CVE-2020-17049
====================================================================

1. Summary:

An update for krb5 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

The following packages have been upgraded to a later upstream version: krb5 (1.20.1). (BZ#2016312)

Security Fix(es):

* Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1956994 - CVE-2020-17049 krb5: Kerberos: delegation constrain bypass in S4U2Proxy [rhel-9]
2016312 - Rebase krb5 to latest upstream release 1.20 [rhel-9]
2025721 - CVE-2020-17049 Kerberos: delegation constrain bypass in S4U2Proxy
2063838 - Mishandling of CMS_verify() errors in PKINIT plugin
2068535 - Modify supported_enctypes (kdc.conf) and add aes256/128-sha2 enctypes due to FIPS
2121099 - Incorrect password expiration handling [rhel-9]
2151513 - upstream test t_discover_uri.py failed [rhel-9.2]
2159643 - Cannot set root as file owner using install in Mock build environment
2162461 - creating of user principal failed with Cryptosystem internal error when the aes256-cts is used (FIPS)
2165827 - CVE-2022-37967: MS-PAC extended KDC signature [rhel-9]
2166603 - KDB: double free in kdb5_create.c:add_principal()
2169985 - add krb5 principal failed with specific datetime string in pwexpire option (s390x, coredump)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:
krb5-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-debugsource-1.20.1-8.el9.aarch64.rpm
krb5-devel-1.20.1-8.el9.aarch64.rpm
krb5-libs-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-server-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.aarch64.rpm
libkadm5-debuginfo-1.20.1-8.el9.aarch64.rpm

ppc64le:
krb5-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-debugsource-1.20.1-8.el9.ppc64le.rpm
krb5-devel-1.20.1-8.el9.ppc64le.rpm
krb5-libs-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-server-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.ppc64le.rpm
libkadm5-debuginfo-1.20.1-8.el9.ppc64le.rpm

s390x:
krb5-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-debugsource-1.20.1-8.el9.s390x.rpm
krb5-devel-1.20.1-8.el9.s390x.rpm
krb5-libs-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-server-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.s390x.rpm
libkadm5-debuginfo-1.20.1-8.el9.s390x.rpm

x86_64:
krb5-debuginfo-1.20.1-8.el9.i686.rpm
krb5-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-debugsource-1.20.1-8.el9.i686.rpm
krb5-debugsource-1.20.1-8.el9.x86_64.rpm
krb5-devel-1.20.1-8.el9.i686.rpm
krb5-devel-1.20.1-8.el9.x86_64.rpm
krb5-libs-debuginfo-1.20.1-8.el9.i686.rpm
krb5-libs-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.i686.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-server-debuginfo-1.20.1-8.el9.i686.rpm
krb5-server-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.i686.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.i686.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.x86_64.rpm
libkadm5-debuginfo-1.20.1-8.el9.i686.rpm
libkadm5-debuginfo-1.20.1-8.el9.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
krb5-1.20.1-8.el9.src.rpm

aarch64:
krb5-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-debugsource-1.20.1-8.el9.aarch64.rpm
krb5-libs-1.20.1-8.el9.aarch64.rpm
krb5-libs-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-pkinit-1.20.1-8.el9.aarch64.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-server-1.20.1-8.el9.aarch64.rpm
krb5-server-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-server-ldap-1.20.1-8.el9.aarch64.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.aarch64.rpm
krb5-workstation-1.20.1-8.el9.aarch64.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.aarch64.rpm
libkadm5-1.20.1-8.el9.aarch64.rpm
libkadm5-debuginfo-1.20.1-8.el9.aarch64.rpm

ppc64le:
krb5-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-debugsource-1.20.1-8.el9.ppc64le.rpm
krb5-libs-1.20.1-8.el9.ppc64le.rpm
krb5-libs-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-pkinit-1.20.1-8.el9.ppc64le.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-server-1.20.1-8.el9.ppc64le.rpm
krb5-server-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-server-ldap-1.20.1-8.el9.ppc64le.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.ppc64le.rpm
krb5-workstation-1.20.1-8.el9.ppc64le.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.ppc64le.rpm
libkadm5-1.20.1-8.el9.ppc64le.rpm
libkadm5-debuginfo-1.20.1-8.el9.ppc64le.rpm

s390x:
krb5-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-debugsource-1.20.1-8.el9.s390x.rpm
krb5-libs-1.20.1-8.el9.s390x.rpm
krb5-libs-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-pkinit-1.20.1-8.el9.s390x.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-server-1.20.1-8.el9.s390x.rpm
krb5-server-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-server-ldap-1.20.1-8.el9.s390x.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.s390x.rpm
krb5-workstation-1.20.1-8.el9.s390x.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.s390x.rpm
libkadm5-1.20.1-8.el9.s390x.rpm
libkadm5-debuginfo-1.20.1-8.el9.s390x.rpm

x86_64:
krb5-debuginfo-1.20.1-8.el9.i686.rpm
krb5-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-debugsource-1.20.1-8.el9.i686.rpm
krb5-debugsource-1.20.1-8.el9.x86_64.rpm
krb5-libs-1.20.1-8.el9.i686.rpm
krb5-libs-1.20.1-8.el9.x86_64.rpm
krb5-libs-debuginfo-1.20.1-8.el9.i686.rpm
krb5-libs-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-pkinit-1.20.1-8.el9.i686.rpm
krb5-pkinit-1.20.1-8.el9.x86_64.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.i686.rpm
krb5-pkinit-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-server-1.20.1-8.el9.i686.rpm
krb5-server-1.20.1-8.el9.x86_64.rpm
krb5-server-debuginfo-1.20.1-8.el9.i686.rpm
krb5-server-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-server-ldap-1.20.1-8.el9.i686.rpm
krb5-server-ldap-1.20.1-8.el9.x86_64.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.i686.rpm
krb5-server-ldap-debuginfo-1.20.1-8.el9.x86_64.rpm
krb5-workstation-1.20.1-8.el9.x86_64.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.i686.rpm
krb5-workstation-debuginfo-1.20.1-8.el9.x86_64.rpm
libkadm5-1.20.1-8.el9.i686.rpm
libkadm5-1.20.1-8.el9.x86_64.rpm
libkadm5-debuginfo-1.20.1-8.el9.i686.rpm
libkadm5-debuginfo-1.20.1-8.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-17049
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

-- 
RHSA-announce mailing list
Oracle Linux Security Advisory ELSA-2023-12104

https://linux.oracle.com/errata/ELSA-2023-12104.html

The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

krb5-devel-1.10.3-65.0.1.el6.i686.rpm
krb5-libs-1.10.3-65.0.1.el6.i686.rpm
krb5-pkinit-openssl-1.10.3-65.0.1.el6.i686.rpm
krb5-server-1.10.3-65.0.1.el6.i686.rpm
krb5-server-ldap-1.10.3-65.0.1.el6.i686.rpm
krb5-workstation-1.10.3-65.0.1.el6.i686.rpm
libkadm5-1.10.3-65.0.1.el6.i686.rpm

x86_64:
krb5-devel-1.10.3-65.0.1.el6.i686.rpm
krb5-devel-1.10.3-65.0.1.el6.x86_64.rpm
krb5-libs-1.10.3-65.0.1.el6.i686.rpm
krb5-libs-1.10.3-65.0.1.el6.x86_64.rpm
krb5-pkinit-openssl-1.10.3-65.0.1.el6.x86_64.rpm
krb5-server-1.10.3-65.0.1.el6.x86_64.rpm
krb5-server-ldap-1.10.3-65.0.1.el6.i686.rpm
krb5-server-ldap-1.10.3-65.0.1.el6.x86_64.rpm
krb5-workstation-1.10.3-65.0.1.el6.x86_64.rpm
libkadm5-1.10.3-65.0.1.el6.i686.rpm
libkadm5-1.10.3-65.0.1.el6.x86_64.rpm

Related CVEs:

CVE-2022-42898

Description of changes:

[1.10.3-65.0.1]
- Fix integer overflows in PAC parsing (CVE-2022-42898) [Orabug: 34843511]

_______________________________________________
El-errata mailing list
SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0198-1
Rating:             important
References:         #1205126
Cross-References:   CVE-2022-42898
CVSS scores:
                    CVE-2022-42898 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP3-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2023-198=1
- SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-198=1
- SUSE Manager Retail Branch Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-198=1
- SUSE Manager Proxy 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-198=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-198=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-198=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-198=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-198=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-198=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-198=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-198=1
- SUSE Enterprise Storage 7.1:
  zypper in -t patch SUSE-Storage-7.1-2023-198=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
  krb5-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
  krb5-1.19.2-150300.10.1
  krb5-client-1.19.2-150300.10.1
  krb5-client-debuginfo-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1
  krb5-devel-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
  krb5-server-1.19.2-150300.10.1
  krb5-server-debuginfo-1.19.2-150300.10.1

- SUSE Manager Server 4.2 (x86_64):
  krb5-32bit-1.19.2-150300.10.1
  krb5-32bit-debuginfo-1.19.2-150300.10.1

- SUSE Manager Retail Branch Server 4.2 (x86_64):
  krb5-1.19.2-150300.10.1
  krb5-32bit-1.19.2-150300.10.1
  krb5-32bit-debuginfo-1.19.2-150300.10.1
  krb5-client-1.19.2-150300.10.1
  krb5-client-debuginfo-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1
  krb5-devel-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
  krb5-server-1.19.2-150300.10.1
  krb5-server-debuginfo-1.19.2-150300.10.1

- SUSE Manager Proxy 4.2 (x86_64):
  krb5-1.19.2-150300.10.1
  krb5-32bit-1.19.2-150300.10.1
  krb5-32bit-debuginfo-1.19.2-150300.10.1
  krb5-client-1.19.2-150300.10.1
  krb5-client-debuginfo-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1
  krb5-devel-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
  krb5-server-1.19.2-150300.10.1
  krb5-server-debuginfo-1.19.2-150300.10.1

- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
  krb5-1.19.2-150300.10.1
  krb5-client-1.19.2-150300.10.1
  krb5-client-debuginfo-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1
  krb5-devel-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
  krb5-server-1.19.2-150300.10.1
  krb5-server-debuginfo-1.19.2-150300.10.1

- SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64):
  krb5-32bit-1.19.2-150300.10.1
  krb5-32bit-debuginfo-1.19.2-150300.10.1

- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  krb5-1.19.2-150300.10.1
  krb5-client-1.19.2-150300.10.1
  krb5-client-debuginfo-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1
  krb5-devel-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
  krb5-server-1.19.2-150300.10.1
  krb5-server-debuginfo-1.19.2-150300.10.1

- SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64):
  krb5-32bit-1.19.2-150300.10.1
  krb5-32bit-debuginfo-1.19.2-150300.10.1

- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
  krb5-1.19.2-150300.10.1
  krb5-32bit-1.19.2-150300.10.1
  krb5-32bit-debuginfo-1.19.2-150300.10.1
  krb5-client-1.19.2-150300.10.1
  krb5-client-debuginfo-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1
  krb5-devel-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
  krb5-server-1.19.2-150300.10.1
  krb5-server-debuginfo-1.19.2-150300.10.1

- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
  krb5-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1

- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  krb5-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
  krb5-1.19.2-150300.10.1
  krb5-client-1.19.2-150300.10.1
  krb5-client-debuginfo-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1
  krb5-devel-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
  krb5-server-1.19.2-150300.10.1
  krb5-server-debuginfo-1.19.2-150300.10.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64):
  krb5-32bit-1.19.2-150300.10.1
  krb5-32bit-debuginfo-1.19.2-150300.10.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
  krb5-1.19.2-150300.10.1
  krb5-client-1.19.2-150300.10.1
  krb5-client-debuginfo-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1
  krb5-devel-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
  krb5-server-1.19.2-150300.10.1
  krb5-server-debuginfo-1.19.2-150300.10.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64):
  krb5-32bit-1.19.2-150300.10.1
  krb5-32bit-debuginfo-1.19.2-150300.10.1

- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
  krb5-1.19.2-150300.10.1
  krb5-client-1.19.2-150300.10.1
  krb5-client-debuginfo-1.19.2-150300.10.1
  krb5-debuginfo-1.19.2-150300.10.1
  krb5-debugsource-1.19.2-150300.10.1
  krb5-devel-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-1.19.2-150300.10.1
  krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-1.19.2-150300.10.1
  krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
  krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-1.19.2-150300.10.1
  krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
  krb5-server-1.19.2-150300.10.1
  krb5-server-debuginfo-1.19.2-150300.10.1

- SUSE Enterprise Storage 7.1 (x86_64):
  krb5-32bit-1.19.2-150300.10.1
  krb5-32bit-debuginfo-1.19.2-150300.10.1

References:

https://www.suse.com/security/cve/CVE-2022-42898.html
https://bugzilla.suse.com/1205126
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update
Advisory ID:       RHSA-2022:8638-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8638
Issue date:        2022-11-28
CVE Names:         CVE-2022-42898
====================================================================

1. Summary:

An update for krb5 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
krb5-1.18.2-22.el8_7.src.rpm

aarch64:
krb5-debuginfo-1.18.2-22.el8_7.aarch64.rpm
krb5-debugsource-1.18.2-22.el8_7.aarch64.rpm
krb5-devel-1.18.2-22.el8_7.aarch64.rpm
krb5-devel-debuginfo-1.18.2-22.el8_7.aarch64.rpm
krb5-libs-1.18.2-22.el8_7.aarch64.rpm
krb5-libs-debuginfo-1.18.2-22.el8_7.aarch64.rpm
krb5-pkinit-1.18.2-22.el8_7.aarch64.rpm
krb5-pkinit-debuginfo-1.18.2-22.el8_7.aarch64.rpm
krb5-server-1.18.2-22.el8_7.aarch64.rpm
krb5-server-debuginfo-1.18.2-22.el8_7.aarch64.rpm
krb5-server-ldap-1.18.2-22.el8_7.aarch64.rpm
krb5-server-ldap-debuginfo-1.18.2-22.el8_7.aarch64.rpm
krb5-workstation-1.18.2-22.el8_7.aarch64.rpm
krb5-workstation-debuginfo-1.18.2-22.el8_7.aarch64.rpm
libkadm5-1.18.2-22.el8_7.aarch64.rpm
libkadm5-debuginfo-1.18.2-22.el8_7.aarch64.rpm

ppc64le:
krb5-debuginfo-1.18.2-22.el8_7.ppc64le.rpm
krb5-debugsource-1.18.2-22.el8_7.ppc64le.rpm
krb5-devel-1.18.2-22.el8_7.ppc64le.rpm
krb5-devel-debuginfo-1.18.2-22.el8_7.ppc64le.rpm
krb5-libs-1.18.2-22.el8_7.ppc64le.rpm
krb5-libs-debuginfo-1.18.2-22.el8_7.ppc64le.rpm
krb5-pkinit-1.18.2-22.el8_7.ppc64le.rpm
krb5-pkinit-debuginfo-1.18.2-22.el8_7.ppc64le.rpm
krb5-server-1.18.2-22.el8_7.ppc64le.rpm
krb5-server-debuginfo-1.18.2-22.el8_7.ppc64le.rpm
krb5-server-ldap-1.18.2-22.el8_7.ppc64le.rpm
krb5-server-ldap-debuginfo-1.18.2-22.el8_7.ppc64le.rpm
krb5-workstation-1.18.2-22.el8_7.ppc64le.rpm
krb5-workstation-debuginfo-1.18.2-22.el8_7.ppc64le.rpm
libkadm5-1.18.2-22.el8_7.ppc64le.rpm
libkadm5-debuginfo-1.18.2-22.el8_7.ppc64le.rpm

s390x:
krb5-debuginfo-1.18.2-22.el8_7.s390x.rpm
krb5-debugsource-1.18.2-22.el8_7.s390x.rpm
krb5-devel-1.18.2-22.el8_7.s390x.rpm
krb5-devel-debuginfo-1.18.2-22.el8_7.s390x.rpm
krb5-libs-1.18.2-22.el8_7.s390x.rpm
krb5-libs-debuginfo-1.18.2-22.el8_7.s390x.rpm
krb5-pkinit-1.18.2-22.el8_7.s390x.rpm
krb5-pkinit-debuginfo-1.18.2-22.el8_7.s390x.rpm
krb5-server-1.18.2-22.el8_7.s390x.rpm
krb5-server-debuginfo-1.18.2-22.el8_7.s390x.rpm
krb5-server-ldap-1.18.2-22.el8_7.s390x.rpm
krb5-server-ldap-debuginfo-1.18.2-22.el8_7.s390x.rpm
krb5-workstation-1.18.2-22.el8_7.s390x.rpm
krb5-workstation-debuginfo-1.18.2-22.el8_7.s390x.rpm
libkadm5-1.18.2-22.el8_7.s390x.rpm
libkadm5-debuginfo-1.18.2-22.el8_7.s390x.rpm

x86_64:
krb5-debuginfo-1.18.2-22.el8_7.i686.rpm
krb5-debuginfo-1.18.2-22.el8_7.x86_64.rpm
krb5-debugsource-1.18.2-22.el8_7.i686.rpm
krb5-debugsource-1.18.2-22.el8_7.x86_64.rpm
krb5-devel-1.18.2-22.el8_7.i686.rpm
krb5-devel-1.18.2-22.el8_7.x86_64.rpm
krb5-devel-debuginfo-1.18.2-22.el8_7.i686.rpm
krb5-devel-debuginfo-1.18.2-22.el8_7.x86_64.rpm
krb5-libs-1.18.2-22.el8_7.i686.rpm
krb5-libs-1.18.2-22.el8_7.x86_64.rpm
krb5-libs-debuginfo-1.18.2-22.el8_7.i686.rpm
krb5-libs-debuginfo-1.18.2-22.el8_7.x86_64.rpm
krb5-pkinit-1.18.2-22.el8_7.i686.rpm
krb5-pkinit-1.18.2-22.el8_7.x86_64.rpm
krb5-pkinit-debuginfo-1.18.2-22.el8_7.i686.rpm
krb5-pkinit-debuginfo-1.18.2-22.el8_7.x86_64.rpm
krb5-server-1.18.2-22.el8_7.i686.rpm
krb5-server-1.18.2-22.el8_7.x86_64.rpm
krb5-server-debuginfo-1.18.2-22.el8_7.i686.rpm
krb5-server-debuginfo-1.18.2-22.el8_7.x86_64.rpm
krb5-server-ldap-1.18.2-22.el8_7.i686.rpm
krb5-server-ldap-1.18.2-22.el8_7.x86_64.rpm
krb5-server-ldap-debuginfo-1.18.2-22.el8_7.i686.rpm
krb5-server-ldap-debuginfo-1.18.2-22.el8_7.x86_64.rpm
krb5-workstation-1.18.2-22.el8_7.x86_64.rpm
krb5-workstation-debuginfo-1.18.2-22.el8_7.i686.rpm
krb5-workstation-debuginfo-1.18.2-22.el8_7.x86_64.rpm
libkadm5-1.18.2-22.el8_7.i686.rpm
libkadm5-1.18.2-22.el8_7.x86_64.rpm
libkadm5-debuginfo-1.18.2-22.el8_7.i686.rpm
libkadm5-debuginfo-1.18.2-22.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

-- 
RHSA-announce mailing list
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update
Advisory ID:       RHSA-2022:8639-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8639
Issue date:        2022-11-28
CVE Names:         CVE-2022-42898
====================================================================

1. Summary:

An update for krb5 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.4):

Source:
krb5-1.18.2-9.el8_4.src.rpm

aarch64:
krb5-debuginfo-1.18.2-9.el8_4.aarch64.rpm
krb5-debugsource-1.18.2-9.el8_4.aarch64.rpm
krb5-devel-1.18.2-9.el8_4.aarch64.rpm
krb5-devel-debuginfo-1.18.2-9.el8_4.aarch64.rpm
krb5-libs-1.18.2-9.el8_4.aarch64.rpm
krb5-libs-debuginfo-1.18.2-9.el8_4.aarch64.rpm
krb5-pkinit-1.18.2-9.el8_4.aarch64.rpm
krb5-pkinit-debuginfo-1.18.2-9.el8_4.aarch64.rpm
krb5-server-1.18.2-9.el8_4.aarch64.rpm
krb5-server-debuginfo-1.18.2-9.el8_4.aarch64.rpm
krb5-server-ldap-1.18.2-9.el8_4.aarch64.rpm
krb5-server-ldap-debuginfo-1.18.2-9.el8_4.aarch64.rpm
krb5-workstation-1.18.2-9.el8_4.aarch64.rpm
krb5-workstation-debuginfo-1.18.2-9.el8_4.aarch64.rpm
libkadm5-1.18.2-9.el8_4.aarch64.rpm
libkadm5-debuginfo-1.18.2-9.el8_4.aarch64.rpm

ppc64le:
krb5-debuginfo-1.18.2-9.el8_4.ppc64le.rpm
krb5-debugsource-1.18.2-9.el8_4.ppc64le.rpm
krb5-devel-1.18.2-9.el8_4.ppc64le.rpm
krb5-devel-debuginfo-1.18.2-9.el8_4.ppc64le.rpm
krb5-libs-1.18.2-9.el8_4.ppc64le.rpm
krb5-libs-debuginfo-1.18.2-9.el8_4.ppc64le.rpm
krb5-pkinit-1.18.2-9.el8_4.ppc64le.rpm
krb5-pkinit-debuginfo-1.18.2-9.el8_4.ppc64le.rpm
krb5-server-1.18.2-9.el8_4.ppc64le.rpm
krb5-server-debuginfo-1.18.2-9.el8_4.ppc64le.rpm
krb5-server-ldap-1.18.2-9.el8_4.ppc64le.rpm
krb5-server-ldap-debuginfo-1.18.2-9.el8_4.ppc64le.rpm
krb5-workstation-1.18.2-9.el8_4.ppc64le.rpm
krb5-workstation-debuginfo-1.18.2-9.el8_4.ppc64le.rpm
libkadm5-1.18.2-9.el8_4.ppc64le.rpm
libkadm5-debuginfo-1.18.2-9.el8_4.ppc64le.rpm

s390x:
krb5-debuginfo-1.18.2-9.el8_4.s390x.rpm
krb5-debugsource-1.18.2-9.el8_4.s390x.rpm
krb5-devel-1.18.2-9.el8_4.s390x.rpm
krb5-devel-debuginfo-1.18.2-9.el8_4.s390x.rpm
krb5-libs-1.18.2-9.el8_4.s390x.rpm
krb5-libs-debuginfo-1.18.2-9.el8_4.s390x.rpm
krb5-pkinit-1.18.2-9.el8_4.s390x.rpm
krb5-pkinit-debuginfo-1.18.2-9.el8_4.s390x.rpm
krb5-server-1.18.2-9.el8_4.s390x.rpm
krb5-server-debuginfo-1.18.2-9.el8_4.s390x.rpm
krb5-server-ldap-1.18.2-9.el8_4.s390x.rpm
krb5-server-ldap-debuginfo-1.18.2-9.el8_4.s390x.rpm
krb5-workstation-1.18.2-9.el8_4.s390x.rpm
krb5-workstation-debuginfo-1.18.2-9.el8_4.s390x.rpm
libkadm5-1.18.2-9.el8_4.s390x.rpm
libkadm5-debuginfo-1.18.2-9.el8_4.s390x.rpm

x86_64:
krb5-debuginfo-1.18.2-9.el8_4.i686.rpm
krb5-debuginfo-1.18.2-9.el8_4.x86_64.rpm
krb5-debugsource-1.18.2-9.el8_4.i686.rpm
krb5-debugsource-1.18.2-9.el8_4.x86_64.rpm
krb5-devel-1.18.2-9.el8_4.i686.rpm
krb5-devel-1.18.2-9.el8_4.x86_64.rpm
krb5-devel-debuginfo-1.18.2-9.el8_4.i686.rpm
krb5-devel-debuginfo-1.18.2-9.el8_4.x86_64.rpm
krb5-libs-1.18.2-9.el8_4.i686.rpm
krb5-libs-1.18.2-9.el8_4.x86_64.rpm
krb5-libs-debuginfo-1.18.2-9.el8_4.i686.rpm
krb5-libs-debuginfo-1.18.2-9.el8_4.x86_64.rpm
krb5-pkinit-1.18.2-9.el8_4.i686.rpm
krb5-pkinit-1.18.2-9.el8_4.x86_64.rpm
krb5-pkinit-debuginfo-1.18.2-9.el8_4.i686.rpm
krb5-pkinit-debuginfo-1.18.2-9.el8_4.x86_64.rpm
krb5-server-1.18.2-9.el8_4.i686.rpm
krb5-server-1.18.2-9.el8_4.x86_64.rpm
krb5-server-debuginfo-1.18.2-9.el8_4.i686.rpm
krb5-server-debuginfo-1.18.2-9.el8_4.x86_64.rpm
krb5-server-ldap-1.18.2-9.el8_4.i686.rpm
krb5-server-ldap-1.18.2-9.el8_4.x86_64.rpm
krb5-server-ldap-debuginfo-1.18.2-9.el8_4.i686.rpm
krb5-server-ldap-debuginfo-1.18.2-9.el8_4.x86_64.rpm
krb5-workstation-1.18.2-9.el8_4.x86_64.rpm
krb5-workstation-debuginfo-1.18.2-9.el8_4.i686.rpm
krb5-workstation-debuginfo-1.18.2-9.el8_4.x86_64.rpm
libkadm5-1.18.2-9.el8_4.i686.rpm
libkadm5-1.18.2-9.el8_4.x86_64.rpm
libkadm5-debuginfo-1.18.2-9.el8_4.i686.rpm
libkadm5-debuginfo-1.18.2-9.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update
Advisory ID:       RHSA-2022:8640-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8640
Issue date:        2022-11-28
CVE Names:         CVE-2022-42898
====================================================================

1. Summary:

An update for krb5 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
krb5-1.15.1-55.el7_9.src.rpm

x86_64:
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
krb5-libs-1.15.1-55.el7_9.i686.rpm
krb5-libs-1.15.1-55.el7_9.x86_64.rpm
krb5-pkinit-1.15.1-55.el7_9.x86_64.rpm
krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
libkadm5-1.15.1-55.el7_9.i686.rpm
libkadm5-1.15.1-55.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
krb5-devel-1.15.1-55.el7_9.i686.rpm
krb5-devel-1.15.1-55.el7_9.x86_64.rpm
krb5-server-1.15.1-55.el7_9.x86_64.rpm
krb5-server-ldap-1.15.1-55.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
krb5-1.15.1-55.el7_9.src.rpm

x86_64:
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
krb5-libs-1.15.1-55.el7_9.i686.rpm
krb5-libs-1.15.1-55.el7_9.x86_64.rpm
krb5-pkinit-1.15.1-55.el7_9.x86_64.rpm
krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
libkadm5-1.15.1-55.el7_9.i686.rpm
libkadm5-1.15.1-55.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
krb5-devel-1.15.1-55.el7_9.i686.rpm
krb5-devel-1.15.1-55.el7_9.x86_64.rpm
krb5-server-1.15.1-55.el7_9.x86_64.rpm
krb5-server-ldap-1.15.1-55.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
krb5-1.15.1-55.el7_9.src.rpm

ppc64:
krb5-debuginfo-1.15.1-55.el7_9.ppc.rpm
krb5-debuginfo-1.15.1-55.el7_9.ppc64.rpm
krb5-devel-1.15.1-55.el7_9.ppc.rpm
krb5-devel-1.15.1-55.el7_9.ppc64.rpm
krb5-libs-1.15.1-55.el7_9.ppc.rpm
krb5-libs-1.15.1-55.el7_9.ppc64.rpm
krb5-pkinit-1.15.1-55.el7_9.ppc64.rpm
krb5-server-1.15.1-55.el7_9.ppc64.rpm
krb5-server-ldap-1.15.1-55.el7_9.ppc64.rpm
krb5-workstation-1.15.1-55.el7_9.ppc64.rpm
libkadm5-1.15.1-55.el7_9.ppc.rpm
libkadm5-1.15.1-55.el7_9.ppc64.rpm

ppc64le:
krb5-debuginfo-1.15.1-55.el7_9.ppc64le.rpm
krb5-devel-1.15.1-55.el7_9.ppc64le.rpm
krb5-libs-1.15.1-55.el7_9.ppc64le.rpm
krb5-pkinit-1.15.1-55.el7_9.ppc64le.rpm
krb5-server-1.15.1-55.el7_9.ppc64le.rpm
krb5-server-ldap-1.15.1-55.el7_9.ppc64le.rpm
krb5-workstation-1.15.1-55.el7_9.ppc64le.rpm
libkadm5-1.15.1-55.el7_9.ppc64le.rpm

s390x:
krb5-debuginfo-1.15.1-55.el7_9.s390.rpm
krb5-debuginfo-1.15.1-55.el7_9.s390x.rpm
krb5-devel-1.15.1-55.el7_9.s390.rpm
krb5-devel-1.15.1-55.el7_9.s390x.rpm
krb5-libs-1.15.1-55.el7_9.s390.rpm
krb5-libs-1.15.1-55.el7_9.s390x.rpm
krb5-pkinit-1.15.1-55.el7_9.s390x.rpm
krb5-server-1.15.1-55.el7_9.s390x.rpm
krb5-server-ldap-1.15.1-55.el7_9.s390x.rpm
krb5-workstation-1.15.1-55.el7_9.s390x.rpm
libkadm5-1.15.1-55.el7_9.s390.rpm
libkadm5-1.15.1-55.el7_9.s390x.rpm

x86_64:
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
krb5-devel-1.15.1-55.el7_9.i686.rpm
krb5-devel-1.15.1-55.el7_9.x86_64.rpm
krb5-libs-1.15.1-55.el7_9.i686.rpm
krb5-libs-1.15.1-55.el7_9.x86_64.rpm
krb5-pkinit-1.15.1-55.el7_9.x86_64.rpm
krb5-server-1.15.1-55.el7_9.x86_64.rpm
krb5-server-ldap-1.15.1-55.el7_9.x86_64.rpm
krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
libkadm5-1.15.1-55.el7_9.i686.rpm
libkadm5-1.15.1-55.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
krb5-1.15.1-55.el7_9.src.rpm

x86_64:
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
krb5-devel-1.15.1-55.el7_9.i686.rpm
krb5-devel-1.15.1-55.el7_9.x86_64.rpm
krb5-libs-1.15.1-55.el7_9.i686.rpm
krb5-libs-1.15.1-55.el7_9.x86_64.rpm
krb5-pkinit-1.15.1-55.el7_9.x86_64.rpm
krb5-server-1.15.1-55.el7_9.x86_64.rpm
krb5-server-ldap-1.15.1-55.el7_9.x86_64.rpm
krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
libkadm5-1.15.1-55.el7_9.i686.rpm
libkadm5-1.15.1-55.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.