Описание
Security update for krb5
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
Список пакетов
Container caasp/v4/cilium-operator:1.6.6
krb5-1.16.3-150100.3.27.1
Container caasp/v4/cilium:1.6.6
krb5-1.16.3-150100.3.27.1
Container caasp/v4/helm-tiller:2.16.12
krb5-1.16.3-150100.3.27.1
Container suse/sle15:15.1
krb5-1.16.3-150100.3.27.1
Container suse/sle15:15.2
krb5-1.16.3-150100.3.27.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-BYOS-Azure
krb5-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-HPC-BYOS-Azure
krb5-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-SAP-Azure
krb5-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-SAP-BYOS-Azure
krb5-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
krb5-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-SAP-BYOS-GCE
krb5-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-SAP-EC2-HVM
krb5-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
Image SLES15-SP2-SAP-GCE
krb5-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
SUSE Enterprise Storage 6
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Enterprise Storage 7
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise Server 15 SP1-BCL
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise Server 15 SP1-LTSS
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise Server 15 SP2-BCL
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise Server 15 SP2-LTSS
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Manager Proxy 4.1
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Manager Retail Branch Server 4.1
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
SUSE Manager Server 4.1
krb5-1.16.3-150100.3.27.1
krb5-32bit-1.16.3-150100.3.27.1
krb5-client-1.16.3-150100.3.27.1
krb5-devel-1.16.3-150100.3.27.1
krb5-plugin-kdb-ldap-1.16.3-150100.3.27.1
krb5-plugin-preauth-otp-1.16.3-150100.3.27.1
krb5-plugin-preauth-pkinit-1.16.3-150100.3.27.1
krb5-server-1.16.3-150100.3.27.1
Ссылки
- Link for SUSE-SU-2022:4155-1
- E-Mail link for SUSE-SU-2022:4155-1
- SUSE Security Ratings
- SUSE Bug 1205126
- SUSE CVE CVE-2022-42898 page
Описание
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
Затронутые продукты
Container caasp/v4/cilium-operator:1.6.6:krb5-1.16.3-150100.3.27.1
Container caasp/v4/cilium:1.6.6:krb5-1.16.3-150100.3.27.1
Container caasp/v4/helm-tiller:2.16.12:krb5-1.16.3-150100.3.27.1
Container suse/sle15:15.1:krb5-1.16.3-150100.3.27.1
Ссылки
- CVE-2022-42898
- SUSE Bug 1205126
- SUSE Bug 1205667
- SUSE Bug 1207423
- SUSE Bug 1207690
- SUSE Bug 1211487
- SUSE Bug 1225675