Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-8637

Опубликовано: 29 нояб. 2022
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2022-8637: krb5 security update (IMPORTANT)

[1.19.1-24.0.1]

  • Fixed race condition in krb5_set_password() [Orabug: 33609767]

[1.19.1-24]

  • Fix integer overflows in PAC parsing (CVE-2022-42898)
  • Resolves: rhbz#2140970

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

krb5-devel

1.19.1-24.0.1.el9_1

krb5-libs

1.19.1-24.0.1.el9_1

krb5-pkinit

1.19.1-24.0.1.el9_1

krb5-server

1.19.1-24.0.1.el9_1

krb5-server-ldap

1.19.1-24.0.1.el9_1

krb5-workstation

1.19.1-24.0.1.el9_1

libkadm5

1.19.1-24.0.1.el9_1

Oracle Linux x86_64

krb5-devel

1.19.1-24.0.1.el9_1

krb5-libs

1.19.1-24.0.1.el9_1

krb5-pkinit

1.19.1-24.0.1.el9_1

krb5-server

1.19.1-24.0.1.el9_1

krb5-server-ldap

1.19.1-24.0.1.el9_1

krb5-workstation

1.19.1-24.0.1.el9_1

libkadm5

1.19.1-24.0.1.el9_1

Связанные CVE

CVE-2022-42898

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2022-42898

CVSS3: 8.8
ubuntu
больше 2 лет назад

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

redhat логотип

CVE-2022-42898

CVSS3: 8.8
redhat
больше 2 лет назад

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

nvd логотип

CVE-2022-42898

CVSS3: 8.8
nvd
больше 2 лет назад

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

msrc логотип

CVE-2022-42898

CVSS3: 8.8
msrc
8 месяцев назад

Описание отсутствует

debian логотип

CVE-2022-42898

CVSS3: 8.8
debian
больше 2 лет назад

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x befo ...