1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5286-1] krb5 security update

    From Salvatore Bonaccorso@21:1/5 to All on Sat Nov 19 14:40:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5286-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : krb5
    CVE ID : CVE-2022-42898
    Debian Bug : 1024267

    Greg Hudson discovered integer overflow flaws in the PAC parsing in
    krb5, the MIT implementation of Kerberos, which may result in remote
    code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting
    maliciously), or denial of service (KDC or kadmind process crash).

    For the stable distribution (bullseye), this problem has been fixed in
    version 1.18.3-6+deb11u3.

    We recommend that you upgrade your krb5 packages.

    For the detailed security status of krb5 please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/krb5

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmN42JdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Ts8Q//XhOs3bCQ+xCaIy0cXiNxk4JwzjvBuBdWb5gdmavqO/yS31IfaM3s7WlV A6Y9g00qGjhtPyHbDTTu68gYQv5EuoVFZjYA3M51vdM+PxRN6po0QMvANAHhp1ow GbFkEflZblMqPHMsMuDt3C6D2hr+5aCOyNY4V20BJuLOkoKa8RBtxKo0Lcq1j5V2 PjLgX+dEvaz6ORpBGdNENmZFAwgllB1pXMoobLLJWLsaEvUrl6pQhwXRs+s5LHKr hAvhHnacShPNVgHq6uJ5s0PGsXlf/BeN2hWzQzgj16My+x3VbVc6TCHv5sD5L615 DiwXwC4sNIl1KYYd04Fnyi87Tpnp7fowyfgluPYLUAGX7srilCpmb8XBKeUHwlxG LWTYvlECryucUOWFMph6K/aHTIIItraqeFCQsGDcPa5x//LsF4RcfPt49u6jcig9 e6koCej6+DrBIvf8vDUyyDB8V4kk2jN4pzeTjpMiKAY8WBnBxQwfGGCGAu3FEoOk ijtxbLje+1DsgKivwEiakgg6rcabQ6yZmuK0Aspi/kw8U55ecr7lntBM03nfb8yr nfgDGWEaRkAAhEft80ajaC7Ym1tveDaq8FAiA4uk07FgOVF+iO3XX77zwrVuh2SP lsaeTC7AnRYIfqy6emRHLAVG9SJP+WMSiggi1SOEQaL1AN5YirQ=
    =dMbH
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)