Описание
Security update for krb5
This update for krb5 provides the following fixes:
Security issues fixed:
- CVE-2017-7562: Improper validation of certificate EKU and SAN could lead to authentication bypass. (bsc#1055851)
Non-security issues fixed:
- Set 'rdns' and 'dns_canonicalize_hostname' to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028)
- Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725)
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
krb5-1.12.1-38.5.3
krb5-32bit-1.12.1-38.5.3
krb5-client-1.12.1-38.5.3
krb5-doc-1.12.1-38.5.3
krb5-plugin-kdb-ldap-1.12.1-38.5.3
krb5-plugin-preauth-otp-1.12.1-38.5.3
krb5-plugin-preauth-pkinit-1.12.1-38.5.3
krb5-server-1.12.1-38.5.3
SUSE Linux Enterprise Server 12-LTSS
krb5-1.12.1-38.5.3
krb5-32bit-1.12.1-38.5.3
krb5-client-1.12.1-38.5.3
krb5-doc-1.12.1-38.5.3
krb5-plugin-kdb-ldap-1.12.1-38.5.3
krb5-plugin-preauth-otp-1.12.1-38.5.3
krb5-plugin-preauth-pkinit-1.12.1-38.5.3
krb5-server-1.12.1-38.5.3
SUSE Linux Enterprise Server for SAP Applications 12 SP1
krb5-1.12.1-38.5.3
krb5-32bit-1.12.1-38.5.3
krb5-client-1.12.1-38.5.3
krb5-doc-1.12.1-38.5.3
krb5-plugin-kdb-ldap-1.12.1-38.5.3
krb5-plugin-preauth-otp-1.12.1-38.5.3
krb5-plugin-preauth-pkinit-1.12.1-38.5.3
krb5-server-1.12.1-38.5.3
Ссылки
- Link for SUSE-SU-2018:1425-1
- E-Mail link for SUSE-SU-2018:1425-1
- SUSE Security Ratings
- SUSE Bug 1054028
- SUSE Bug 1055851
- SUSE Bug 1081725
- SUSE CVE CVE-2017-7562 page
Описание
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:krb5-1.12.1-38.5.3
SUSE Linux Enterprise Server 12 SP1-LTSS:krb5-32bit-1.12.1-38.5.3
SUSE Linux Enterprise Server 12 SP1-LTSS:krb5-client-1.12.1-38.5.3
SUSE Linux Enterprise Server 12 SP1-LTSS:krb5-doc-1.12.1-38.5.3
Ссылки
- CVE-2017-7562
- SUSE Bug 1055851
- SUSE Bug 1056995