Univention Bugzilla – Bug 53899
krb5: Multiple issues (5.0)
Last modified: 2021-10-13 16:18:40 CEST
New Debian krb5 1.17-3+deb10u3 fixes:

This update addresses the following issue:
* NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks a server field (CVE-2021-37750)
--- mirror/ftp/pool/main/k/krb5/krb5_1.17-3+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/krb5_1.17-3+deb10u3.dsc @@ -1,3 +1,10 @@ +1.17-3+deb10u3 [Sun, 29 Aug 2021 16:23:02 -0600] Sam Hartman <hartmans@debian.org>: + + * Fix KDC null dereference crash on FAST request with no server field, + CVE-2021-37750, Closes: #992607 + * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140 + + 1.17-3+deb10u2 [Thu, 22 Jul 2021 18:11:15 -0700] Benjamin Kaduk <kaduk@mit.edu>: * Import upstream patch for CVE-2021-36222, Closes: #991365 <http://piuparts.knut.univention.de/5.0-0/#4642853011781754751>
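Review bot: the second added entry in the 1.17-3+deb10u3 block, "Fix memory leak in krb5_gss_inquire_cred, Closes: #991140", is a non-CVE change that the update description above does not cover, since it lists only CVE-2021-37750. Suggest mentioning the memory leak fix in the erratum text as well, so the advisory matches what the package changelog records.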
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-0] a876c39d89 Bug #53899: krb5 1.17-3+deb10u3
 doc/errata/staging/krb5.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x119>