Описание
Security update for krb5
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
krb5-1.12.5-40.52.1
krb5-32bit-1.12.5-40.52.1
krb5-client-1.12.5-40.52.1
krb5-doc-1.12.5-40.52.1
krb5-plugin-kdb-ldap-1.12.5-40.52.1
krb5-plugin-preauth-otp-1.12.5-40.52.1
krb5-plugin-preauth-pkinit-1.12.5-40.52.1
krb5-server-1.12.5-40.52.1
SUSE Linux Enterprise Server 12 SP5
krb5-1.12.5-40.52.1
krb5-32bit-1.12.5-40.52.1
krb5-client-1.12.5-40.52.1
krb5-doc-1.12.5-40.52.1
krb5-plugin-kdb-ldap-1.12.5-40.52.1
krb5-plugin-preauth-otp-1.12.5-40.52.1
krb5-plugin-preauth-pkinit-1.12.5-40.52.1
krb5-server-1.12.5-40.52.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
krb5-1.12.5-40.52.1
krb5-32bit-1.12.5-40.52.1
krb5-client-1.12.5-40.52.1
krb5-doc-1.12.5-40.52.1
krb5-plugin-kdb-ldap-1.12.5-40.52.1
krb5-plugin-preauth-otp-1.12.5-40.52.1
krb5-plugin-preauth-pkinit-1.12.5-40.52.1
krb5-server-1.12.5-40.52.1
SUSE Linux Enterprise Software Development Kit 12 SP5
krb5-devel-1.12.5-40.52.1
Ссылки
- Link for SUSE-SU-2023:3398-1
- E-Mail link for SUSE-SU-2023:3398-1
- SUSE Security Ratings
- SUSE Bug 1214054
- SUSE CVE CVE-2023-36054 page
Описание
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-1.12.5-40.52.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-32bit-1.12.5-40.52.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-client-1.12.5-40.52.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-doc-1.12.5-40.52.1
Ссылки
- CVE-2023-36054
- SUSE Bug 1214054
- SUSE Bug 1217441
- SUSE Bug 1217443
- SUSE Bug 1218348
- SUSE Bug 1219472
- SUSE Bug 1219710