Описание
Security update for krb5
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
Список пакетов
Container suse/sles12sp4:latest
krb5-1.12.5-40.43.1
SUSE Linux Enterprise Server 12 SP2-BCL
krb5-1.12.5-40.43.1
krb5-32bit-1.12.5-40.43.1
krb5-client-1.12.5-40.43.1
krb5-doc-1.12.5-40.43.1
krb5-plugin-kdb-ldap-1.12.5-40.43.1
krb5-plugin-preauth-otp-1.12.5-40.43.1
krb5-plugin-preauth-pkinit-1.12.5-40.43.1
krb5-server-1.12.5-40.43.1
SUSE Linux Enterprise Server 12 SP3-BCL
krb5-1.12.5-40.43.1
krb5-32bit-1.12.5-40.43.1
krb5-client-1.12.5-40.43.1
krb5-doc-1.12.5-40.43.1
krb5-plugin-kdb-ldap-1.12.5-40.43.1
krb5-plugin-preauth-otp-1.12.5-40.43.1
krb5-plugin-preauth-pkinit-1.12.5-40.43.1
krb5-server-1.12.5-40.43.1
SUSE Linux Enterprise Server 12 SP4-LTSS
krb5-1.12.5-40.43.1
krb5-32bit-1.12.5-40.43.1
krb5-client-1.12.5-40.43.1
krb5-doc-1.12.5-40.43.1
krb5-plugin-kdb-ldap-1.12.5-40.43.1
krb5-plugin-preauth-otp-1.12.5-40.43.1
krb5-plugin-preauth-pkinit-1.12.5-40.43.1
krb5-server-1.12.5-40.43.1
SUSE Linux Enterprise Server 12 SP5
krb5-1.12.5-40.43.1
krb5-32bit-1.12.5-40.43.1
krb5-client-1.12.5-40.43.1
krb5-doc-1.12.5-40.43.1
krb5-plugin-kdb-ldap-1.12.5-40.43.1
krb5-plugin-preauth-otp-1.12.5-40.43.1
krb5-plugin-preauth-pkinit-1.12.5-40.43.1
krb5-server-1.12.5-40.43.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
krb5-1.12.5-40.43.1
krb5-32bit-1.12.5-40.43.1
krb5-client-1.12.5-40.43.1
krb5-doc-1.12.5-40.43.1
krb5-plugin-kdb-ldap-1.12.5-40.43.1
krb5-plugin-preauth-otp-1.12.5-40.43.1
krb5-plugin-preauth-pkinit-1.12.5-40.43.1
krb5-server-1.12.5-40.43.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
krb5-1.12.5-40.43.1
krb5-32bit-1.12.5-40.43.1
krb5-client-1.12.5-40.43.1
krb5-doc-1.12.5-40.43.1
krb5-plugin-kdb-ldap-1.12.5-40.43.1
krb5-plugin-preauth-otp-1.12.5-40.43.1
krb5-plugin-preauth-pkinit-1.12.5-40.43.1
krb5-server-1.12.5-40.43.1
SUSE Linux Enterprise Software Development Kit 12 SP5
krb5-devel-1.12.5-40.43.1
SUSE OpenStack Cloud 9
krb5-1.12.5-40.43.1
krb5-32bit-1.12.5-40.43.1
krb5-client-1.12.5-40.43.1
krb5-doc-1.12.5-40.43.1
krb5-plugin-kdb-ldap-1.12.5-40.43.1
krb5-plugin-preauth-otp-1.12.5-40.43.1
krb5-plugin-preauth-pkinit-1.12.5-40.43.1
krb5-server-1.12.5-40.43.1
SUSE OpenStack Cloud Crowbar 9
krb5-1.12.5-40.43.1
krb5-32bit-1.12.5-40.43.1
krb5-client-1.12.5-40.43.1
krb5-doc-1.12.5-40.43.1
krb5-plugin-kdb-ldap-1.12.5-40.43.1
krb5-plugin-preauth-otp-1.12.5-40.43.1
krb5-plugin-preauth-pkinit-1.12.5-40.43.1
krb5-server-1.12.5-40.43.1
Ссылки
- Link for SUSE-SU-2022:4335-1
- E-Mail link for SUSE-SU-2022:4335-1
- SUSE Security Ratings
- SUSE Bug 1205126
- SUSE CVE CVE-2022-42898 page
Описание
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
Затронутые продукты
Container suse/sles12sp4:latest:krb5-1.12.5-40.43.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-1.12.5-40.43.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-32bit-1.12.5-40.43.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-client-1.12.5-40.43.1
Ссылки
- CVE-2022-42898
- SUSE Bug 1205126
- SUSE Bug 1205667
- SUSE Bug 1207423
- SUSE Bug 1207690
- SUSE Bug 1211487
- SUSE Bug 1225675