Описание
Security update for krb5
This update for krb5 fixes several issues.
This security issue was fixed:
- CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995).
- CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926).
- CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927).
This non-security issue was fixed:
- Avoid indefinite polling in KDC communication. (bsc#970696)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2018:0859-1
- E-Mail link for SUSE-SU-2018:0859-1
- SUSE Security Ratings
- SUSE Bug 1056995
- SUSE Bug 1083926
- SUSE Bug 1083927
- SUSE Bug 970696
- SUSE CVE CVE-2017-11462 page
- SUSE CVE CVE-2018-5729 page
- SUSE CVE CVE-2018-5730 page
Описание
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
Затронутые продукты
Ссылки
- CVE-2017-11462
- SUSE Bug 1056995
- SUSE Bug 1122468
Описание
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
Затронутые продукты
Ссылки
- CVE-2018-5729
- SUSE Bug 1076211
- SUSE Bug 1083926
- SUSE Bug 1122468
Описание
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
Затронутые продукты
Ссылки
- CVE-2018-5730
- SUSE Bug 1076211
- SUSE Bug 1083927
- SUSE Bug 1122468