Description
Security update for krb5-appl
This update for krb5-appl fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in krb5-appl telnetd (bsc#1203759).
Package list
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
References
- Link for SUSE-SU-2022:3471-1
- E-Mail link for SUSE-SU-2022:3471-1
- SUSE Security Ratings
- SUSE Bug 1203759
- SUSE CVE CVE-2022-39028 page
Description
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Affected products
References
- CVE-2022-39028
- SUSE Bug 1203759
- SUSE Bug 1204804
- SUSE Bug 1205079
- SUSE Bug 1205326
- SUSE Bug 1205569
- SUSE Bug 1205622
- SUSE Bug 1206246