Univention Bugzilla – Bug 55474
krb5: Multiple issues (5.0)
Last modified: 2022-12-07 17:57:56 CET
New Debian krb5 1.17-3+deb10u5 fixes:

This update addresses the following issue:

1.17-3+deb10u4 (Tue, 23 Aug 2022 14:28:40 -0600)
* Use SHA256 as Pkinit CMS Digest,
* integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)
--- mirror/ftp/pool/main/k/krb5/krb5_1.17-3+deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/krb5_1.17-3+deb10u5.dsc @@ -1,3 +1,14 @@ +1.17-3+deb10u5 [Tue, 29 Nov 2022 12:10:12 +0000] Chris Lamb <lamby@debian.org>: + + * Non-maintainer upload by the Debian LTS team. + * CVE-2022-42898: Prevent integer overflows in PAC parsing; potentially + critical for 32-bit KDCs or when cross-realm acts maliciously. + (Closes: #1024267) + +1.17-3+deb10u4 [Tue, 23 Aug 2022 14:28:40 -0600] Sam Hartman <hartmans@debian.org>: + + * Use SHA256 as Pkinit CMS Digest, Closes: #1017995 + 1.17-3+deb10u3 [Sun, 29 Aug 2021 16:23:02 -0600] Sam Hartman <hartmans@debian.org>: * Fix KDC null dereference crash on FAST request with no server field, <http://piuparts.knut.univention.de/5.0-2/#4642853011779589701>
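Review bot: In the 1.17-3+deb10u4 entry, "Use SHA256 as Pkinit CMS Digest" is a behaviour change rather than a CVE fix, and it ships in the same erratum as the 1.17-3+deb10u5 fix for CVE-2022-42898 because the update steps from deb10u3 straight to deb10u5. The erratum text should list each change under its own version, so that sites using PKINIT see that the CMS digest changes with this update, and should carry over the changelog's qualifier that the PAC parsing overflow is "potentially critical for 32-bit KDCs or when cross-realm acts maliciously", since that is what determines who needs to prioritise the update.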
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 90e197f001 Bug #55474: krb5 1.17-3+deb10u5
 doc/errata/staging/krb5.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

[5.0-2] cf21fce5fa Bug #55474: krb5 1.17-3+deb10u5
 doc/errata/staging/krb5.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x507>