Red Hat Security Advisory 2022-8648-01

Red Hat Security Advisory 2022-8648-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Packet Storm

====================================================================
Red Hat Security Advisory

Synopsis: Important: krb5 security update
Advisory ID: RHSA-2022:8648-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8648
Issue date: 2022-11-28
CVE Names: CVE-2022-42898
====================================================================

  1. Summary:

An update for krb5 is now available for Red Hat Enterprise Linux 8.2
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

  3. Description:

Kerberos is a network authentication system, which can improve the security
of your network by eliminating the insecure practice of sending passwords
over the network in unencrypted form. It allows clients and servers to
authenticate to each other with the help of a trusted third party, the
Kerberos key distribution center (KDC).

Security Fix(es):

  • krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

  4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc,
kadmin, and kprop) will be restarted automatically.

  5. Bugs fixed (https://bugzilla.redhat.com/):

2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing

  6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:
krb5-1.17-19.el8_2.src.rpm

aarch64:
krb5-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-debugsource-1.17-19.el8_2.aarch64.rpm
krb5-devel-1.17-19.el8_2.aarch64.rpm
krb5-devel-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-libs-1.17-19.el8_2.aarch64.rpm
krb5-libs-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-pkinit-1.17-19.el8_2.aarch64.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-server-1.17-19.el8_2.aarch64.rpm
krb5-server-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-server-ldap-1.17-19.el8_2.aarch64.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-workstation-1.17-19.el8_2.aarch64.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.aarch64.rpm
libkadm5-1.17-19.el8_2.aarch64.rpm
libkadm5-debuginfo-1.17-19.el8_2.aarch64.rpm

ppc64le:
krb5-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-debugsource-1.17-19.el8_2.ppc64le.rpm
krb5-devel-1.17-19.el8_2.ppc64le.rpm
krb5-devel-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-libs-1.17-19.el8_2.ppc64le.rpm
krb5-libs-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-pkinit-1.17-19.el8_2.ppc64le.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-server-1.17-19.el8_2.ppc64le.rpm
krb5-server-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-server-ldap-1.17-19.el8_2.ppc64le.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-workstation-1.17-19.el8_2.ppc64le.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.ppc64le.rpm
libkadm5-1.17-19.el8_2.ppc64le.rpm
libkadm5-debuginfo-1.17-19.el8_2.ppc64le.rpm

s390x:
krb5-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-debugsource-1.17-19.el8_2.s390x.rpm
krb5-devel-1.17-19.el8_2.s390x.rpm
krb5-devel-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-libs-1.17-19.el8_2.s390x.rpm
krb5-libs-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-pkinit-1.17-19.el8_2.s390x.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-server-1.17-19.el8_2.s390x.rpm
krb5-server-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-server-ldap-1.17-19.el8_2.s390x.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-workstation-1.17-19.el8_2.s390x.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.s390x.rpm
libkadm5-1.17-19.el8_2.s390x.rpm
libkadm5-debuginfo-1.17-19.el8_2.s390x.rpm

x86_64:
krb5-debuginfo-1.17-19.el8_2.i686.rpm
krb5-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-debugsource-1.17-19.el8_2.i686.rpm
krb5-debugsource-1.17-19.el8_2.x86_64.rpm
krb5-devel-1.17-19.el8_2.i686.rpm
krb5-devel-1.17-19.el8_2.x86_64.rpm
krb5-devel-debuginfo-1.17-19.el8_2.i686.rpm
krb5-devel-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-libs-1.17-19.el8_2.i686.rpm
krb5-libs-1.17-19.el8_2.x86_64.rpm
krb5-libs-debuginfo-1.17-19.el8_2.i686.rpm
krb5-libs-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-pkinit-1.17-19.el8_2.i686.rpm
krb5-pkinit-1.17-19.el8_2.x86_64.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.i686.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-server-1.17-19.el8_2.i686.rpm
krb5-server-1.17-19.el8_2.x86_64.rpm
krb5-server-debuginfo-1.17-19.el8_2.i686.rpm
krb5-server-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-server-ldap-1.17-19.el8_2.i686.rpm
krb5-server-ldap-1.17-19.el8_2.x86_64.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.i686.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-workstation-1.17-19.el8_2.x86_64.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.i686.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.x86_64.rpm
libkadm5-1.17-19.el8_2.i686.rpm
libkadm5-1.17-19.el8_2.x86_64.rpm
libkadm5-debuginfo-1.17-19.el8_2.i686.rpm
libkadm5-debuginfo-1.17-19.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:
krb5-1.17-19.el8_2.src.rpm

aarch64:
krb5-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-debugsource-1.17-19.el8_2.aarch64.rpm
krb5-devel-1.17-19.el8_2.aarch64.rpm
krb5-devel-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-libs-1.17-19.el8_2.aarch64.rpm
krb5-libs-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-pkinit-1.17-19.el8_2.aarch64.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-server-1.17-19.el8_2.aarch64.rpm
krb5-server-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-server-ldap-1.17-19.el8_2.aarch64.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-workstation-1.17-19.el8_2.aarch64.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.aarch64.rpm
libkadm5-1.17-19.el8_2.aarch64.rpm
libkadm5-debuginfo-1.17-19.el8_2.aarch64.rpm

ppc64le:
krb5-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-debugsource-1.17-19.el8_2.ppc64le.rpm
krb5-devel-1.17-19.el8_2.ppc64le.rpm
krb5-devel-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-libs-1.17-19.el8_2.ppc64le.rpm
krb5-libs-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-pkinit-1.17-19.el8_2.ppc64le.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-server-1.17-19.el8_2.ppc64le.rpm
krb5-server-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-server-ldap-1.17-19.el8_2.ppc64le.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-workstation-1.17-19.el8_2.ppc64le.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.ppc64le.rpm
libkadm5-1.17-19.el8_2.ppc64le.rpm
libkadm5-debuginfo-1.17-19.el8_2.ppc64le.rpm

s390x:
krb5-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-debugsource-1.17-19.el8_2.s390x.rpm
krb5-devel-1.17-19.el8_2.s390x.rpm
krb5-devel-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-libs-1.17-19.el8_2.s390x.rpm
krb5-libs-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-pkinit-1.17-19.el8_2.s390x.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-server-1.17-19.el8_2.s390x.rpm
krb5-server-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-server-ldap-1.17-19.el8_2.s390x.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-workstation-1.17-19.el8_2.s390x.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.s390x.rpm
libkadm5-1.17-19.el8_2.s390x.rpm
libkadm5-debuginfo-1.17-19.el8_2.s390x.rpm

x86_64:
krb5-debuginfo-1.17-19.el8_2.i686.rpm
krb5-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-debugsource-1.17-19.el8_2.i686.rpm
krb5-debugsource-1.17-19.el8_2.x86_64.rpm
krb5-devel-1.17-19.el8_2.i686.rpm
krb5-devel-1.17-19.el8_2.x86_64.rpm
krb5-devel-debuginfo-1.17-19.el8_2.i686.rpm
krb5-devel-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-libs-1.17-19.el8_2.i686.rpm
krb5-libs-1.17-19.el8_2.x86_64.rpm
krb5-libs-debuginfo-1.17-19.el8_2.i686.rpm
krb5-libs-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-pkinit-1.17-19.el8_2.i686.rpm
krb5-pkinit-1.17-19.el8_2.x86_64.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.i686.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-server-1.17-19.el8_2.i686.rpm
krb5-server-1.17-19.el8_2.x86_64.rpm
krb5-server-debuginfo-1.17-19.el8_2.i686.rpm
krb5-server-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-server-ldap-1.17-19.el8_2.i686.rpm
krb5-server-ldap-1.17-19.el8_2.x86_64.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.i686.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-workstation-1.17-19.el8_2.x86_64.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.i686.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.x86_64.rpm
libkadm5-1.17-19.el8_2.i686.rpm
libkadm5-1.17-19.el8_2.x86_64.rpm
libkadm5-debuginfo-1.17-19.el8_2.i686.rpm
libkadm5-debuginfo-1.17-19.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:
krb5-1.17-19.el8_2.src.rpm

aarch64:
krb5-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-debugsource-1.17-19.el8_2.aarch64.rpm
krb5-devel-1.17-19.el8_2.aarch64.rpm
krb5-devel-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-libs-1.17-19.el8_2.aarch64.rpm
krb5-libs-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-pkinit-1.17-19.el8_2.aarch64.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-server-1.17-19.el8_2.aarch64.rpm
krb5-server-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-server-ldap-1.17-19.el8_2.aarch64.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.aarch64.rpm
krb5-workstation-1.17-19.el8_2.aarch64.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.aarch64.rpm
libkadm5-1.17-19.el8_2.aarch64.rpm
libkadm5-debuginfo-1.17-19.el8_2.aarch64.rpm

ppc64le:
krb5-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-debugsource-1.17-19.el8_2.ppc64le.rpm
krb5-devel-1.17-19.el8_2.ppc64le.rpm
krb5-devel-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-libs-1.17-19.el8_2.ppc64le.rpm
krb5-libs-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-pkinit-1.17-19.el8_2.ppc64le.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-server-1.17-19.el8_2.ppc64le.rpm
krb5-server-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-server-ldap-1.17-19.el8_2.ppc64le.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.ppc64le.rpm
krb5-workstation-1.17-19.el8_2.ppc64le.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.ppc64le.rpm
libkadm5-1.17-19.el8_2.ppc64le.rpm
libkadm5-debuginfo-1.17-19.el8_2.ppc64le.rpm

s390x:
krb5-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-debugsource-1.17-19.el8_2.s390x.rpm
krb5-devel-1.17-19.el8_2.s390x.rpm
krb5-devel-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-libs-1.17-19.el8_2.s390x.rpm
krb5-libs-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-pkinit-1.17-19.el8_2.s390x.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-server-1.17-19.el8_2.s390x.rpm
krb5-server-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-server-ldap-1.17-19.el8_2.s390x.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.s390x.rpm
krb5-workstation-1.17-19.el8_2.s390x.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.s390x.rpm
libkadm5-1.17-19.el8_2.s390x.rpm
libkadm5-debuginfo-1.17-19.el8_2.s390x.rpm

x86_64:
krb5-debuginfo-1.17-19.el8_2.i686.rpm
krb5-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-debugsource-1.17-19.el8_2.i686.rpm
krb5-debugsource-1.17-19.el8_2.x86_64.rpm
krb5-devel-1.17-19.el8_2.i686.rpm
krb5-devel-1.17-19.el8_2.x86_64.rpm
krb5-devel-debuginfo-1.17-19.el8_2.i686.rpm
krb5-devel-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-libs-1.17-19.el8_2.i686.rpm
krb5-libs-1.17-19.el8_2.x86_64.rpm
krb5-libs-debuginfo-1.17-19.el8_2.i686.rpm
krb5-libs-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-pkinit-1.17-19.el8_2.i686.rpm
krb5-pkinit-1.17-19.el8_2.x86_64.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.i686.rpm
krb5-pkinit-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-server-1.17-19.el8_2.i686.rpm
krb5-server-1.17-19.el8_2.x86_64.rpm
krb5-server-debuginfo-1.17-19.el8_2.i686.rpm
krb5-server-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-server-ldap-1.17-19.el8_2.i686.rpm
krb5-server-ldap-1.17-19.el8_2.x86_64.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.i686.rpm
krb5-server-ldap-debuginfo-1.17-19.el8_2.x86_64.rpm
krb5-workstation-1.17-19.el8_2.x86_64.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.i686.rpm
krb5-workstation-debuginfo-1.17-19.el8_2.x86_64.rpm
libkadm5-1.17-19.el8_2.i686.rpm
libkadm5-1.17-19.el8_2.x86_64.rpm
libkadm5-debuginfo-1.17-19.el8_2.i686.rpm
libkadm5-debuginfo-1.17-19.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/updates/classification/#important

  8. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

RHSA-2023:4053: Red Hat Security Advisory: OpenShift Container Platform 4.11.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...

RHSA-2023:3664: Red Hat Security Advisory: OpenShift Jenkins image and Jenkins agent base image security update

Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

Ubuntu Security Notice USN-5936-1

Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.

RHSA-2023:0918: Red Hat Security Advisory: Service Binding Operator security update

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. W...

RHSA-2023:0786: Red Hat Security Advisory: Network observability 1.1.0 security update

Network observability 1.1.0 release for OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

RHSA-2023:0634: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

Logging Subsystem 5.6.1 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2022-46175: A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned f...

RHSA-2023:0542: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update

Red Hat OpenShift Service Mesh 2.3.1 Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-3962: kiali: error message spoofing in kiali UI * CVE-2022-27664: golang: ...

Ubuntu Security Notice USN-5828-1

Ubuntu Security Notice 5828-1 - It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Greg Hudson discovered that the Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

RHSA-2023:0408: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...

Red Hat Security Advisory 2022-7399-01

Red Hat Security Advisory 2022-7399-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

CVE-2022-42898: Fix integer overflows in PAC parsing · krb5/krb5@ea92d2f

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
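To make the arithmetic behind that description concrete, here is an added, constructed C model of the PAC header checks; it is not krb5's code and not the commit's patch. The naive form computes the header length with a multiply that can wrap and tests offset + size where the sum can wrap; the hardened form bounds cBuffers by what the data can hold before multiplying and checks each buffer by subtraction. uint32_t stands in for a 32-bit size_t, the layout constants follow the public MS-PAC structure (8-byte PACTYPE header, 16-byte PAC_INFO_BUFFER entries), and the sample byte arrays are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the PAC header layout (MS-PAC):
 *   PACTYPE: cBuffers (u32 LE), Version (u32 LE), then cBuffers entries of
 *   PAC_INFO_BUFFER: ulType (u32), cbBufferSize (u32), Offset (u64).
 * Names mirror the public layout only; this is not krb5's implementation. */
#define PACTYPE_LENGTH         8u
#define PAC_INFO_BUFFER_LENGTH 16u

static uint32_t load_32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 |
           (uint32_t)p[3] << 24;
}

static uint64_t load_64_le(const uint8_t *p)
{
    return (uint64_t)load_32_le(p) | (uint64_t)load_32_le(p + 4) << 32;
}

/* Overflow-prone header check. uint32_t plays the role of a 32-bit size_t:
 * cBuffers * 16 can wrap, header_len then comes out tiny, and the length
 * check passes for a buffer count the data cannot possibly hold.
 * Pure arithmetic (no buffer walk); returns 1 = accepted, 0 = rejected. */
int pac_header_ok_naive(const uint8_t *data, uint32_t len)
{
    if (len < PACTYPE_LENGTH)
        return 0;
    uint32_t cbuffers = load_32_le(data);
    uint32_t header_len = PACTYPE_LENGTH + cbuffers * PAC_INFO_BUFFER_LENGTH;
    return len >= header_len;
}

/* Overflow-prone per-buffer check: offset + size can wrap past len. */
int pac_buffer_ok_naive(uint64_t offset, uint32_t size, uint64_t header_len,
                        uint64_t len)
{
    return offset >= header_len && offset + size <= len;
}

/* Hardened parse: bound cBuffers by what len can hold before any multiply,
 * and test each buffer with subtraction so nothing can wrap.
 * Returns the buffer count on success, -1 on any malformed input. */
int pac_validate_safe(const uint8_t *data, size_t len)
{
    if (len < PACTYPE_LENGTH)
        return -1;
    uint32_t cbuffers = load_32_le(data);
    if (cbuffers < 1 ||
        cbuffers > (len - PACTYPE_LENGTH) / PAC_INFO_BUFFER_LENGTH)
        return -1;
    size_t header_len = PACTYPE_LENGTH +
                        (size_t)cbuffers * PAC_INFO_BUFFER_LENGTH;
    const uint8_t *p = data + PACTYPE_LENGTH;
    for (uint32_t i = 0; i < cbuffers; i++, p += PAC_INFO_BUFFER_LENGTH) {
        uint32_t size = load_32_le(p + 4);
        uint64_t offset = load_64_le(p + 8);
        if (offset < header_len || offset > len || size > len - offset)
            return -1;
    }
    return (int)cbuffers;
}

/* Constructed sample 1: one well-formed buffer (type 10, 4 bytes at offset 24). */
const uint8_t SAMPLE_VALID[28] = {
    1, 0, 0, 0,   0, 0, 0, 0,      /* cBuffers = 1, Version = 0 */
    10, 0, 0, 0,  4, 0, 0, 0,      /* ulType = 10, cbBufferSize = 4 */
    24, 0, 0, 0,  0, 0, 0, 0,      /* Offset = 24 */
    0xAA, 0xBB, 0xCC, 0xDD };      /* buffer payload */

/* Constructed sample 2: claims 0x10000000 buffers. 0x10000000 * 16 is
 * 0x100000000, which wraps to 0 in 32-bit arithmetic, so the naive
 * header_len collapses to 8 and 24 bytes look sufficient. */
const uint8_t SAMPLE_WRAP[24] = {
    0, 0, 0, 0x10,  0, 0, 0, 0,    /* cBuffers = 0x10000000, Version = 0 */
    0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0 };

/* Constructed sample 3: one buffer whose Offset sits near 2^64, so
 * Offset + cbBufferSize wraps to 8 in the naive check. */
const uint8_t SAMPLE_BADOFF[28] = {
    1, 0, 0, 0,   0, 0, 0, 0,                      /* cBuffers = 1 */
    10, 0, 0, 0,  16, 0, 0, 0,                     /* cbBufferSize = 16 */
    0xF8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* Offset = 2^64 - 8 */
    0, 0, 0, 0 };

int main(void)
{
    printf("valid : naive=%d safe=%d\n",
           pac_header_ok_naive(SAMPLE_VALID, sizeof SAMPLE_VALID),
           pac_validate_safe(SAMPLE_VALID, sizeof SAMPLE_VALID));
    printf("wrap  : naive=%d safe=%d\n",
           pac_header_ok_naive(SAMPLE_WRAP, sizeof SAMPLE_WRAP),
           pac_validate_safe(SAMPLE_WRAP, sizeof SAMPLE_WRAP));
    printf("badoff: naive=%d safe=%d\n",
           pac_buffer_ok_naive(UINT64_C(0xFFFFFFFFFFFFFFF8), 16, 24, 28),
           pac_validate_safe(SAMPLE_BADOFF, sizeof SAMPLE_BADOFF));
    return 0;
}
```

The naive checks accept both malformed samples while the hardened parse rejects them, which is the difference between a parser that trusts a claimed count and one that derives the admissible count from the bytes it actually has.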

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Red Hat Security Advisory 2022-8964-01

Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator have been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8827-01

Red Hat Security Advisory 2022-8827-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.

Red Hat Security Advisory 2022-8663-01

Red Hat Security Advisory 2022-8663-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

RHSA-2022:8669: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8662: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Red Hat Security Advisory 2022-8639-01

Red Hat Security Advisory 2022-8639-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8638-01

Red Hat Security Advisory 2022-8638-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8640-01

Red Hat Security Advisory 2022-8640-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8641-01

Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8637-01

Red Hat Security Advisory 2022-8637-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

RHSA-2022:8648: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8640: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8641: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8639: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8638: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Debian Security Advisory 5287-1

Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.

Debian Security Advisory 5286-1

Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).
