Opened 18 months ago

Closed 17 months ago

Last modified 17 months ago

#17313 closed enhancement (fixed)

krb5-1.20.1

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: elevated
Milestone: 11.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Bruce Dubbs, 17 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 17 months ago

Major changes in 1.20.1 (2022-11-15)

  • Fix integer overflows in PAC parsing [CVE-2022-42898].
  • Fix null deref in KDC when decoding invalid NDR.
  • Fix memory leak in OTP kdcpreauth module.
  • Fix PKCS11 module path search.

The CVE is where Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.

It does not seem to affect 64-bit systems.
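
An added illustration of the bug class described in comment:2 (not krb5 source code and not part of the ticket): a length check on a count-prefixed table, computed in 32-bit and then 64-bit arithmetic, next to a width-independent form. The 8-byte header, 16-byte entry size and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for illustration (not krb5 source): an 8-byte header
 * holding a 32-bit entry count, followed by `count` 16-byte entries. */
#define HDR_LEN   8u
#define ENTRY_LEN 16u

/* Unsafe: the required length is computed in 32-bit arithmetic, which is what
 * size_t gives on a 32-bit build. A large count wraps the product, so the
 * check passes and later code would index far past the buffer. */
static int header_fits_unsafe32(uint32_t count, uint32_t buf_len)
{
    uint32_t need = HDR_LEN + count * ENTRY_LEN;   /* may wrap modulo 2^32 */
    return need <= buf_len;
}

/* Same expression with a 64-bit size type: a 32-bit count times 16 cannot
 * wrap, so the oversized count is rejected. */
static int header_fits_64(uint32_t count, uint64_t buf_len)
{
    uint64_t need = HDR_LEN + (uint64_t)count * ENTRY_LEN;
    return need <= buf_len;
}

/* Hardened for any width: bound the count by division before multiplying. */
static int header_fits_safe32(uint32_t count, uint32_t buf_len)
{
    if (buf_len < HDR_LEN)
        return 0;
    return count <= (buf_len - HDR_LEN) / ENTRY_LEN;
}

int main(void)
{
    uint32_t forged = 0x10000000u;  /* constructed count: 2^28 * 16 == 2^32 */
    printf("unsafe 32-bit check accepts: %d\n", header_fits_unsafe32(forged, 64));
    printf("64-bit check accepts:        %d\n", header_fits_64(forged, 64));
    printf("division-based check accepts: %d\n", header_fits_safe32(forged, 64));
    return 0;
}
```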

comment:3 by Bruce Dubbs, 17 months ago

Resolution: fixed
Status: assigned → closed

Fixed at commits

de8ae35b4a Update to nghttp2-1.51.0.
11672910e0 Update to xfsprogs-6.0.0.
7756281c69 Update to sysstat-12.7.1.
e0e8726f9b Update to krb5-1.20.1.

comment:4 by Douglas R. Reno, 17 months ago

Priority: normal → elevated

comment:5 by Douglas R. Reno, 17 months ago

Issued SA-11.2-044
