Описание
Security update for krb5
This update for krb5 fixes the following issues:
- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
Список пакетов
Container suse/sle15:15.0
krb5-1.15.2-150000.6.17.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
krb5-1.15.2-150000.6.17.1
krb5-32bit-1.15.2-150000.6.17.1
krb5-client-1.15.2-150000.6.17.1
krb5-devel-1.15.2-150000.6.17.1
krb5-plugin-kdb-ldap-1.15.2-150000.6.17.1
krb5-plugin-preauth-otp-1.15.2-150000.6.17.1
krb5-plugin-preauth-pkinit-1.15.2-150000.6.17.1
krb5-server-1.15.2-150000.6.17.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
krb5-1.15.2-150000.6.17.1
krb5-32bit-1.15.2-150000.6.17.1
krb5-client-1.15.2-150000.6.17.1
krb5-devel-1.15.2-150000.6.17.1
krb5-plugin-kdb-ldap-1.15.2-150000.6.17.1
krb5-plugin-preauth-otp-1.15.2-150000.6.17.1
krb5-plugin-preauth-pkinit-1.15.2-150000.6.17.1
krb5-server-1.15.2-150000.6.17.1
SUSE Linux Enterprise Server 15-LTSS
krb5-1.15.2-150000.6.17.1
krb5-32bit-1.15.2-150000.6.17.1
krb5-client-1.15.2-150000.6.17.1
krb5-devel-1.15.2-150000.6.17.1
krb5-plugin-kdb-ldap-1.15.2-150000.6.17.1
krb5-plugin-preauth-otp-1.15.2-150000.6.17.1
krb5-plugin-preauth-pkinit-1.15.2-150000.6.17.1
krb5-server-1.15.2-150000.6.17.1
SUSE Linux Enterprise Server for SAP Applications 15
krb5-1.15.2-150000.6.17.1
krb5-32bit-1.15.2-150000.6.17.1
krb5-client-1.15.2-150000.6.17.1
krb5-devel-1.15.2-150000.6.17.1
krb5-plugin-kdb-ldap-1.15.2-150000.6.17.1
krb5-plugin-preauth-otp-1.15.2-150000.6.17.1
krb5-plugin-preauth-pkinit-1.15.2-150000.6.17.1
krb5-server-1.15.2-150000.6.17.1
Ссылки
- Link for SUSE-SU-2022:4154-1
- E-Mail link for SUSE-SU-2022:4154-1
- SUSE Security Ratings
- SUSE Bug 1189929
- SUSE Bug 1205126
- SUSE CVE CVE-2021-37750 page
- SUSE CVE CVE-2022-42898 page
Описание
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Затронутые продукты
Container suse/sle15:15.0:krb5-1.15.2-150000.6.17.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:krb5-1.15.2-150000.6.17.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:krb5-32bit-1.15.2-150000.6.17.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:krb5-client-1.15.2-150000.6.17.1
Ссылки
- CVE-2021-37750
- SUSE Bug 1189929
Описание
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
Затронутые продукты
Container suse/sle15:15.0:krb5-1.15.2-150000.6.17.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:krb5-1.15.2-150000.6.17.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:krb5-32bit-1.15.2-150000.6.17.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:krb5-client-1.15.2-150000.6.17.1
Ссылки
- CVE-2022-42898
- SUSE Bug 1205126
- SUSE Bug 1205667
- SUSE Bug 1207423
- SUSE Bug 1207690
- SUSE Bug 1211487
- SUSE Bug 1225675