Описание
Security update for krb5
This update for krb5 fixes the following issues:
Security issue fixed:
- CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489)
Список пакетов
Container caasp/v4/default-http-backend:beta1
krb5-1.12.5-40.31.1
Container caasp/v4/dnsmasq-nanny:2.78
krb5-1.12.5-40.31.1
Container caasp/v4/flannel:0.9.1
krb5-1.12.5-40.31.1
Container caasp/v4/haproxy:beta1
krb5-1.12.5-40.31.1
Container caasp/v4/kubedns:beta1
krb5-1.12.5-40.31.1
Container caasp/v4/nginx-ingress-controller:beta1
krb5-1.12.5-40.31.1
Container caasp/v4/openldap:beta1
krb5-1.12.5-40.31.1
Container caasp/v4/pause:1.0.0
krb5-1.12.5-40.31.1
Container caasp/v4/pv-recycler-node:8.25
krb5-1.12.5-40.31.1
Container caasp/v4/salt-api:beta1
krb5-1.12.5-40.31.1
Container caasp/v4/salt-master:beta1
krb5-1.12.5-40.31.1
Container caasp/v4/salt-minion:beta1
krb5-1.12.5-40.31.1
Container caasp/v4/sidecar:beta1
krb5-1.12.5-40.31.1
Container caasp/v4/velum:4.0.0
krb5-1.12.5-40.31.1
Container suse/sles12sp3:latest
krb5-1.12.5-40.31.1
Container suse/sles12sp4:latest
krb5-1.12.5-40.31.1
Image SLES12-SP5-OCI-BYOS-BYOS
krb5-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
krb5-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
SUSE Enterprise Storage 4
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
krb5-doc-1.12.5-40.31.1
krb5-plugin-kdb-ldap-1.12.5-40.31.1
krb5-plugin-preauth-otp-1.12.5-40.31.1
krb5-plugin-preauth-pkinit-1.12.5-40.31.1
krb5-server-1.12.5-40.31.1
SUSE Linux Enterprise Desktop 12 SP3
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
SUSE Linux Enterprise Desktop 12 SP4
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
SUSE Linux Enterprise Server 12 SP2-BCL
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
krb5-doc-1.12.5-40.31.1
krb5-plugin-kdb-ldap-1.12.5-40.31.1
krb5-plugin-preauth-otp-1.12.5-40.31.1
krb5-plugin-preauth-pkinit-1.12.5-40.31.1
krb5-server-1.12.5-40.31.1
SUSE Linux Enterprise Server 12 SP2-LTSS
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
krb5-doc-1.12.5-40.31.1
krb5-plugin-kdb-ldap-1.12.5-40.31.1
krb5-plugin-preauth-otp-1.12.5-40.31.1
krb5-plugin-preauth-pkinit-1.12.5-40.31.1
krb5-server-1.12.5-40.31.1
SUSE Linux Enterprise Server 12 SP3
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
krb5-doc-1.12.5-40.31.1
krb5-plugin-kdb-ldap-1.12.5-40.31.1
krb5-plugin-preauth-otp-1.12.5-40.31.1
krb5-plugin-preauth-pkinit-1.12.5-40.31.1
krb5-server-1.12.5-40.31.1
SUSE Linux Enterprise Server 12 SP4
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
krb5-doc-1.12.5-40.31.1
krb5-plugin-kdb-ldap-1.12.5-40.31.1
krb5-plugin-preauth-otp-1.12.5-40.31.1
krb5-plugin-preauth-pkinit-1.12.5-40.31.1
krb5-server-1.12.5-40.31.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
krb5-doc-1.12.5-40.31.1
krb5-plugin-kdb-ldap-1.12.5-40.31.1
krb5-plugin-preauth-otp-1.12.5-40.31.1
krb5-plugin-preauth-pkinit-1.12.5-40.31.1
krb5-server-1.12.5-40.31.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
krb5-doc-1.12.5-40.31.1
krb5-plugin-kdb-ldap-1.12.5-40.31.1
krb5-plugin-preauth-otp-1.12.5-40.31.1
krb5-plugin-preauth-pkinit-1.12.5-40.31.1
krb5-server-1.12.5-40.31.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
krb5-doc-1.12.5-40.31.1
krb5-plugin-kdb-ldap-1.12.5-40.31.1
krb5-plugin-preauth-otp-1.12.5-40.31.1
krb5-plugin-preauth-pkinit-1.12.5-40.31.1
krb5-server-1.12.5-40.31.1
SUSE Linux Enterprise Software Development Kit 12 SP3
krb5-devel-1.12.5-40.31.1
SUSE Linux Enterprise Software Development Kit 12 SP4
krb5-devel-1.12.5-40.31.1
SUSE OpenStack Cloud 7
krb5-1.12.5-40.31.1
krb5-32bit-1.12.5-40.31.1
krb5-client-1.12.5-40.31.1
krb5-doc-1.12.5-40.31.1
krb5-plugin-kdb-ldap-1.12.5-40.31.1
krb5-plugin-preauth-otp-1.12.5-40.31.1
krb5-plugin-preauth-pkinit-1.12.5-40.31.1
krb5-server-1.12.5-40.31.1
Ссылки
- Link for SUSE-SU-2019:0111-1
- E-Mail link for SUSE-SU-2019:0111-1
- SUSE Security Ratings
- SUSE Bug 1120489
- SUSE CVE CVE-2018-20217 page
Описание
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Затронутые продукты
Container caasp/v4/default-http-backend:beta1:krb5-1.12.5-40.31.1
Container caasp/v4/dnsmasq-nanny:2.78:krb5-1.12.5-40.31.1
Container caasp/v4/flannel:0.9.1:krb5-1.12.5-40.31.1
Container caasp/v4/haproxy:beta1:krb5-1.12.5-40.31.1
Ссылки
- CVE-2018-20217
- SUSE Bug 1120489