SUSE-SU-2022:4167-1

Опубликовано: 22 нояб. 2022

Источник: suse-cvrf

Описание

Security update for krb5

This update for krb5 fixes the following issues:

CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

Список пакетов

Container bci/bci-init:15.3

krb5-1.19.2-150300.7.7.1

Container bci/dotnet-aspnet:3.1

krb5-1.19.2-150300.7.7.1

Container bci/dotnet-aspnet:5.0

krb5-1.19.2-150300.7.7.1

Container bci/dotnet-aspnet:latest

krb5-1.19.2-150300.7.7.1

Container bci/dotnet-runtime:3.1

krb5-1.19.2-150300.7.7.1

Container bci/dotnet-runtime:5.0

krb5-1.19.2-150300.7.7.1

Container bci/dotnet-runtime:latest

krb5-1.19.2-150300.7.7.1

Container bci/dotnet-sdk:3.1

krb5-1.19.2-150300.7.7.1

Container bci/dotnet-sdk:5.0

krb5-1.19.2-150300.7.7.1

Container bci/dotnet-sdk:latest

krb5-1.19.2-150300.7.7.1

Container bci/golang:1.16

krb5-1.19.2-150300.7.7.1

Container bci/golang:1.17

krb5-1.19.2-150300.7.7.1

Container bci/golang:latest

krb5-1.19.2-150300.7.7.1

Container bci/node:12

krb5-1.19.2-150300.7.7.1

Container bci/node:14

krb5-1.19.2-150300.7.7.1

Container bci/nodejs:latest

krb5-1.19.2-150300.7.7.1

Container bci/openjdk-devel:11

krb5-1.19.2-150300.7.7.1

Container bci/openjdk:latest

krb5-1.19.2-150300.7.7.1

Container bci/python:3

krb5-1.19.2-150300.7.7.1

Container bci/ruby:latest

krb5-1.19.2-150300.7.7.1

Container ses/7.1/ceph/grafana:latest

krb5-1.19.2-150300.7.7.1

Container ses/7.1/ceph/haproxy:latest

krb5-1.19.2-150300.7.7.1

Container ses/7.1/ceph/keepalived:latest

krb5-1.19.2-150300.7.7.1

Container ses/7.1/ceph/prometheus-alertmanager:latest

krb5-1.19.2-150300.7.7.1

Container ses/7.1/ceph/prometheus-node-exporter:latest

krb5-1.19.2-150300.7.7.1

Container ses/7.1/ceph/prometheus-server:latest

krb5-1.19.2-150300.7.7.1

Container ses/7.1/ceph/prometheus-snmp_notifier:latest

krb5-1.19.2-150300.7.7.1

Container ses/7.1/cephcsi/cephcsi:latest

krb5-1.19.2-150300.7.7.1

Container ses/7.1/cephcsi/csi-attacher:v4.1.0

krb5-1.19.2-150300.7.7.1

Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.7.0

krb5-1.19.2-150300.7.7.1

Container ses/7.1/cephcsi/csi-provisioner:v3.4.0

krb5-1.19.2-150300.7.7.1

Container ses/7.1/cephcsi/csi-resizer:v1.7.0

krb5-1.19.2-150300.7.7.1

Container ses/7.1/cephcsi/csi-snapshotter:v6.2.1

krb5-1.19.2-150300.7.7.1

Container ses/7.1/rook/ceph:latest

krb5-1.19.2-150300.7.7.1

Container suse/ltss/sle15.3/bci-base:latest

krb5-1.19.2-150300.7.7.1

Container suse/pcp:latest

krb5-1.19.2-150300.7.7.1

Container suse/rmt-mariadb-client:latest

krb5-1.19.2-150300.7.7.1

Container suse/rmt-mariadb:latest

krb5-1.19.2-150300.7.7.1

Container suse/rmt-nginx:latest

krb5-1.19.2-150300.7.7.1

Container suse/rmt-server:latest

krb5-1.19.2-150300.7.7.1

Container suse/sle-micro-rancher/5.2:latest

krb5-1.19.2-150300.7.7.1

Container suse/sle-micro/5.1/toolbox:latest

krb5-1.19.2-150300.7.7.1

Container suse/sle-micro/5.2/toolbox:latest

krb5-1.19.2-150300.7.7.1

Container suse/sle15:15.3

krb5-1.19.2-150300.7.7.1

Container trento/trento-db:latest

krb5-1.19.2-150300.7.7.1

Container trento/trento-runner:latest

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-BYOS-Azure

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-BYOS-EC2-HVM

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-BYOS-GCE

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-CHOST-BYOS-Azure

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-CHOST-BYOS-EC2

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-CHOST-BYOS-GCE

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-EC2-ECS-HVM

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-EC2-HVM

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-GCE

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-HPC-Azure

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-HPC-BYOS-Azure

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-HPC-BYOS-GCE

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

krb5-1.19.2-150300.7.7.1

Image SLES15-SP3-SAP-Azure

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAP-BYOS-Azure

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAP-BYOS-GCE

krb5-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAP-EC2-HVM

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAP-GCE

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAPCAL-Azure

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAPCAL-EC2-HVM

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

Image SLES15-SP3-SAPCAL-GCE

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

SUSE Linux Enterprise Micro 5.1

krb5-1.19.2-150300.7.7.1

SUSE Linux Enterprise Micro 5.2

krb5-1.19.2-150300.7.7.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

krb5-devel-1.19.2-150300.7.7.1

krb5-plugin-preauth-otp-1.19.2-150300.7.7.1

krb5-plugin-preauth-pkinit-1.19.2-150300.7.7.1

krb5-plugin-preauth-spake-1.19.2-150300.7.7.1

SUSE Linux Enterprise Module for Server Applications 15 SP3

krb5-plugin-kdb-ldap-1.19.2-150300.7.7.1

krb5-server-1.19.2-150300.7.7.1

openSUSE Leap 15.3

krb5-1.19.2-150300.7.7.1

krb5-32bit-1.19.2-150300.7.7.1

krb5-client-1.19.2-150300.7.7.1

krb5-devel-1.19.2-150300.7.7.1

krb5-devel-32bit-1.19.2-150300.7.7.1

krb5-mini-1.19.2-150300.7.7.1

krb5-mini-devel-1.19.2-150300.7.7.1

krb5-plugin-kdb-ldap-1.19.2-150300.7.7.1

krb5-plugin-preauth-otp-1.19.2-150300.7.7.1

krb5-plugin-preauth-pkinit-1.19.2-150300.7.7.1

krb5-plugin-preauth-spake-1.19.2-150300.7.7.1

krb5-server-1.19.2-150300.7.7.1

openSUSE Leap Micro 5.2

krb5-1.19.2-150300.7.7.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224167-1/
Link for SUSE-SU-2022:4167-1
https://lists.suse.com/pipermail/sle-security-updates/2022-November/013065.html
E-Mail link for SUSE-SU-2022:4167-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1205126
SUSE Bug 1205126
https://www.suse.com/security/cve/CVE-2022-42898/
SUSE CVE CVE-2022-42898 page

Описание

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

Затронутые продукты

Container bci/bci-init:15.3:krb5-1.19.2-150300.7.7.1

Container bci/dotnet-aspnet:3.1:krb5-1.19.2-150300.7.7.1

Container bci/dotnet-aspnet:5.0:krb5-1.19.2-150300.7.7.1

Container bci/dotnet-aspnet:latest:krb5-1.19.2-150300.7.7.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-42898.html
CVE-2022-42898
https://bugzilla.suse.com/1205126
SUSE Bug 1205126
https://bugzilla.suse.com/1205667
SUSE Bug 1205667
https://bugzilla.suse.com/1207423
SUSE Bug 1207423
https://bugzilla.suse.com/1207690
SUSE Bug 1207690
https://bugzilla.suse.com/1211487
SUSE Bug 1211487
https://bugzilla.suse.com/1225675
SUSE Bug 1225675