openSUSE-SU-2021:2800-1

Опубликовано: 20 авг. 2021

Источник: suse-cvrf

Описание

Security update for krb5

This update for krb5 fixes the following issues:

CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

Список пакетов

openSUSE Leap 15.3

krb5-1.16.3-3.21.1

krb5-32bit-1.16.3-3.21.1

krb5-client-1.16.3-3.21.1

krb5-devel-1.16.3-3.21.1

krb5-devel-32bit-1.16.3-3.21.1

krb5-mini-1.16.3-3.21.1

krb5-mini-devel-1.16.3-3.21.1

krb5-plugin-kdb-ldap-1.16.3-3.21.1

krb5-plugin-preauth-otp-1.16.3-3.21.1

krb5-plugin-preauth-pkinit-1.16.3-3.21.1

krb5-server-1.16.3-3.21.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22SNDEWZFK4UZGGV35YI72FNLVIRJTIF/
E-Mail link for openSUSE-SU-2021:2800-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1188571
SUSE Bug 1188571
https://www.suse.com/security/cve/CVE-2021-36222/
SUSE CVE CVE-2021-36222 page

Описание

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

Затронутые продукты

openSUSE Leap 15.3:krb5-1.16.3-3.21.1

openSUSE Leap 15.3:krb5-32bit-1.16.3-3.21.1

openSUSE Leap 15.3:krb5-client-1.16.3-3.21.1

openSUSE Leap 15.3:krb5-devel-1.16.3-3.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-36222.html
CVE-2021-36222
https://bugzilla.suse.com/1188571
SUSE Bug 1188571

openSUSE-SU-2021:2800-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-36222

Описание

Затронутые продукты

Ссылки