Univention Bugzilla – Bug 53610
krb5: Multiple issues (5.0)
Last modified: 2021-07-28 19:10:15 CEST
New Debian krb5 1.17-3+deb10u2 fixes:
This update addresses the following issue:
* sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in null dereference in the KDC which leads to DoS (CVE-2021-36222)
--- mirror/ftp/pool/main/k/krb5/krb5_1.17-3+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/krb5_1.17-3+deb10u2.dsc @@ -1,3 +1,7 @@ +1.17-3+deb10u2 [Thu, 22 Jul 2021 18:11:15 -0700] Benjamin Kaduk <kaduk@mit.edu>: + + * Import upstream patch for CVE-2021-36222, Closes: #991365 + 1.17-3+deb10u1 [Thu, 19 Nov 2020 17:42:57 +0100] Moritz Mühlenhoff <jmm@debian.org>: * CVE-2020-28196 (Closes: #973880) <http://piuparts.knut.univention.de/5.0-0/#4642853011782837276>
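Review bot: the added 1.17-3+deb10u2 entry identifies the fix only as "Import upstream patch for CVE-2021-36222, Closes: #991365", and the diff shown contains nothing but this changelog text, so the imported code change cannot be checked from here. Consider naming the patch file or the upstream commit in the entry, so a reviewer can confirm which change was imported for the KDC null dereference.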
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x54>