SUSE-SU-2018:0846-1

Published: 29 Mar 2018
Source: suse-cvrf

Description

Security update for krb5

This update for krb5 provides the following fixes:

Security issues fixed:

  • CVE-2018-5730: DN container check bypass by supplying specially crafted data (bsc#1083927).
  • CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying specially crafted data (bsc#1083926).

Non-security issues fixed:

  • Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who experience this kind of compatibility issue may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and must make sure the variable is visible and effective to the application startup script. (bsc#1057662)
  • Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725)

Package list

SUSE Linux Enterprise Desktop 12 SP2
krb5-1.12.5-40.23.2
krb5-32bit-1.12.5-40.23.2
krb5-client-1.12.5-40.23.2
SUSE Linux Enterprise Desktop 12 SP3
krb5-1.12.5-40.23.2
krb5-32bit-1.12.5-40.23.2
krb5-client-1.12.5-40.23.2
SUSE Linux Enterprise Server 12 SP2
krb5-1.12.5-40.23.2
krb5-32bit-1.12.5-40.23.2
krb5-client-1.12.5-40.23.2
krb5-doc-1.12.5-40.23.2
krb5-plugin-kdb-ldap-1.12.5-40.23.2
krb5-plugin-preauth-otp-1.12.5-40.23.2
krb5-plugin-preauth-pkinit-1.12.5-40.23.2
krb5-server-1.12.5-40.23.2
SUSE Linux Enterprise Server 12 SP3
krb5-1.12.5-40.23.2
krb5-32bit-1.12.5-40.23.2
krb5-client-1.12.5-40.23.2
krb5-doc-1.12.5-40.23.2
krb5-plugin-kdb-ldap-1.12.5-40.23.2
krb5-plugin-preauth-otp-1.12.5-40.23.2
krb5-plugin-preauth-pkinit-1.12.5-40.23.2
krb5-server-1.12.5-40.23.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
krb5-1.12.5-40.23.2
krb5-client-1.12.5-40.23.2
krb5-doc-1.12.5-40.23.2
krb5-plugin-kdb-ldap-1.12.5-40.23.2
krb5-plugin-preauth-otp-1.12.5-40.23.2
krb5-plugin-preauth-pkinit-1.12.5-40.23.2
krb5-server-1.12.5-40.23.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
krb5-1.12.5-40.23.2
krb5-32bit-1.12.5-40.23.2
krb5-client-1.12.5-40.23.2
krb5-doc-1.12.5-40.23.2
krb5-plugin-kdb-ldap-1.12.5-40.23.2
krb5-plugin-preauth-otp-1.12.5-40.23.2
krb5-plugin-preauth-pkinit-1.12.5-40.23.2
krb5-server-1.12.5-40.23.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
krb5-1.12.5-40.23.2
krb5-32bit-1.12.5-40.23.2
krb5-client-1.12.5-40.23.2
krb5-doc-1.12.5-40.23.2
krb5-plugin-kdb-ldap-1.12.5-40.23.2
krb5-plugin-preauth-otp-1.12.5-40.23.2
krb5-plugin-preauth-pkinit-1.12.5-40.23.2
krb5-server-1.12.5-40.23.2
SUSE Linux Enterprise Software Development Kit 12 SP2
krb5-devel-1.12.5-40.23.2
SUSE Linux Enterprise Software Development Kit 12 SP3
krb5-devel-1.12.5-40.23.2

Description

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:krb5-1.12.5-40.23.2
SUSE Linux Enterprise Desktop 12 SP2:krb5-32bit-1.12.5-40.23.2
SUSE Linux Enterprise Desktop 12 SP2:krb5-client-1.12.5-40.23.2
SUSE Linux Enterprise Desktop 12 SP3:krb5-1.12.5-40.23.2

References

Description

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
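The "left extension" case described above comes down to treating DN containership as a plain string-suffix match. The following is an added illustration, not code from krb5 or from this advisory: the function names and sample DNs are constructed, and the DNs are assumed to be already normalized (case and whitespace), so it only contrasts a suffix match with one that also requires an unescaped RDN separator in front of the container DN.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Naive check: accepts any DN whose string merely ends with the container DN. */
bool naive_within(const char *dn, const char *container)
{
    size_t dl = strlen(dn), cl = strlen(container);
    return dl >= cl && strcmp(dn + dl - cl, container) == 0;
}

/* Hardened check: the matching suffix must also start at an RDN boundary,
 * i.e. be preceded by a ',' that is not escaped with a backslash. */
bool strict_within(const char *dn, const char *container)
{
    size_t dl = strlen(dn), cl = strlen(container);
    if (cl == 0 || dl < cl + 2 || strcmp(dn + dl - cl, container) != 0)
        return false;
    size_t sep = dl - cl - 1;   /* index of the would-be separator */
    if (dn[sep] != ',')
        return false;
    size_t slashes = 0;         /* odd run of '\' before ',' means escaped */
    while (slashes < sep && dn[sep - 1 - slashes] == '\\')
        slashes++;
    return slashes % 2 == 0;
}

int main(void)
{
    /* Constructed sample DNs (assumed already normalized). */
    const char *container = "ou=staff,dc=example,dc=com";
    const char *samples[] = {
        "cn=alice,ou=staff,dc=example,dc=com",      /* really inside */
        "cn=bob,cn=xou=staff,dc=example,dc=com",    /* left extension only */
        "cn=eve,o=x\\,ou=staff,dc=example,dc=com",  /* escaped comma */
        "cn=carol,ou=other,dc=example,dc=com",      /* unrelated subtree */
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-42s naive=%d strict=%d\n", samples[i],
               naive_within(samples[i], container),
               strict_within(samples[i], container));
    return 0;
}
```

A production check should compare parsed RDN sequences from an LDAP library rather than raw strings, since this sketch does not normalize case, whitespace or attribute-type aliases.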


Affected products
SUSE Linux Enterprise Desktop 12 SP2:krb5-1.12.5-40.23.2
SUSE Linux Enterprise Desktop 12 SP2:krb5-32bit-1.12.5-40.23.2
SUSE Linux Enterprise Desktop 12 SP2:krb5-client-1.12.5-40.23.2
SUSE Linux Enterprise Desktop 12 SP3:krb5-1.12.5-40.23.2

References
Vulnerability SUSE-SU-2018:0846-1