ELSA-2018-0666

Published: 16 Apr 2018
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2018-0666: krb5 security, bug fix, and enhancement update (MODERATE)

[1.15.1-18]

  • Expose context errors in pkinit_server_plugin_init
  • Resolves: #1460089

[1.15.1-17]

  • Drop certauth test changes that prevented running it
  • Resolves: #1498767

[1.15.1-16]

  • Drop irrelevant DIR trigger logic
  • Resolves: #1431198

[1.15.1-15]

  • Fix CVE-2017-7562 (certauth eku bypass)
  • Resolves: #1498767

[1.15.1-14]

  • Fix CVE-2017-11368 (s4u2 request assertion failures)
  • Resolves: #1498768

[1.15.1-13]

  • Force-add /etc/krb5.conf.d so we can guarantee it exists
  • Resolves: #1431198

[1.15.1-12]

  • Add krb5 policy plugin interface
  • Remove soname downgrade
  • Resolves: #1462982

[1.15.1-11]

  • Make t_certauth.py runnable
  • Resolves: #1443388

[1.15.1-10]

  • Add context SSF query support
  • Resolves: #1472956

[1.15.1-9]

  • Remove incomplete PKINIT OCSP support
  • Resolves: #1460089

Updated packages

Oracle Linux 7

Oracle Linux aarch64

krb5-devel         1.15.1-18.el7
krb5-libs          1.15.1-18.el7
krb5-pkinit        1.15.1-18.el7
krb5-server        1.15.1-18.el7
krb5-server-ldap   1.15.1-18.el7
krb5-workstation   1.15.1-18.el7
libkadm5           1.15.1-18.el7

Oracle Linux x86_64

krb5-devel         1.15.1-18.el7
krb5-libs          1.15.1-18.el7
krb5-pkinit        1.15.1-18.el7
krb5-server        1.15.1-18.el7
krb5-server-ldap   1.15.1-18.el7
krb5-workstation   1.15.1-18.el7
libkadm5           1.15.1-18.el7

Related CVEs

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 8 years ago

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

CVSS3: 6.5
redhat
more than 8 years ago

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

CVSS3: 6.5
nvd
more than 8 years ago

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

CVSS3: 6.5
debian
more than 8 years ago

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker ...

CVSS3: 6.5
ubuntu
more than 7 years ago

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.