RHSA-2022:8637: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Issued: 2022-11-28

Updated: 2022-11-28

RHSA-2022:8637 - Security Advisory

Synopsis

Important: krb5 security update

Type/Severity

Security Advisory: Important

Topic

An update for krb5 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

  • krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
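Before and after applying the update, an operator wants to know whether a host's krb5 packages are still below the builds listed in this advisory. The script below is an added example, not Red Hat's or the krb5 project's tooling: it parses the fixed name, version and release out of RPM filenames copied from the package list on this page, reimplements rpm's rpmvercmp segment ordering in pure Python so it runs without the rpm bindings, and compares that against `rpm -qa` output in the `NAME EPOCH VERSION RELEASE` form produced by `rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n'`. The `rpm -qa` text embedded in the block is a constructed sample, the older `21.el9` builds in it are hypothetical, and the assumption that krb5 carries no epoch (so the fixed build is compared at epoch 0) is mine, not the advisory's.

```python
import re

# Filenames copied from the advisory's x86_64 package list; only name,
# version and release are used, so one architecture is enough.
ADVISORY_FILES = [
    "krb5-libs-1.19.1-24.el9_1.x86_64.rpm",
    "krb5-server-1.19.1-24.el9_1.x86_64.rpm",
    "krb5-workstation-1.19.1-24.el9_1.x86_64.rpm",
    "libkadm5-1.19.1-24.el9_1.x86_64.rpm",
]

# Constructed sample of `rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n'`
# on a partly updated host; the 21.el9 builds are hypothetical older ones.
SAMPLE_RPM_QA = """\
krb5-libs (none) 1.19.1 21.el9
krb5-workstation (none) 1.19.1 21.el9
krb5-server (none) 1.19.1 24.el9_1
libkadm5 (none) 1.19.1 24.el9_1
openssl 1 3.0.1 43.el9_0
"""

EVR = tuple[int, str, str]  # (epoch, version, release)
_RPM_FILE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.[^.]+\.rpm$")
_SEP = lambda c: not (c.isalnum() or c in "~^")  # noqa: E731  rpm skips these
_ALPHA = lambda c: c.isalnum() and not c.isdigit()  # noqa: E731


def _skip(s: str, k: int, keep) -> int:  # index just past the run of keep() chars
    while k < len(s) and keep(s[k]):
        k += 1
    return k


def rpmvercmp(a: str, b: str) -> int:
    """Order two version/release labels like rpm's rpmvercmp(): alternating
    numeric and alphabetic segments, numbers by value, letters lexically, and
    numbers outrank letters; '~' sorts below everything (1.0~rc1 < 1.0), '^'
    above end-of-string but below any other segment (1.0 < 1.0^a < 1.0.1)."""
    if a == b:
        return 0
    i, j = 0, 0
    while i < len(a) or j < len(b):
        i, j = _skip(a, i, _SEP), _skip(b, j, _SEP)
        ca, cb = a[i:i + 1], b[j:j + 1]  # "" once a label is exhausted
        if "~" in (ca, cb):
            if ca != cb:
                return 1 if ca != "~" else -1
            i, j = i + 1, j + 1
            continue
        if "^" in (ca, cb):
            if "" in (ca, cb):
                return -1 if ca == "" else 1
            if ca != cb:
                return 1 if ca != "^" else -1
            i, j = i + 1, j + 1
            continue
        if "" in (ca, cb):
            break  # one label ran out; the longer one wins below
        isnum = ca.isdigit()
        kind = str.isdigit if isnum else _ALPHA
        si, sj = _skip(a, i, kind), _skip(b, j, kind)
        if sj == j:
            return 1 if isnum else -1  # a numeric segment beats an alphabetic one
        seg_a, seg_b = a[i:si], b[j:sj]
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # more significant digits wins
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = si, sj
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evr_cmp(x: EVR, y: EVR) -> int:
    """Epoch decides first, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def fixed_versions(filenames: list[str]) -> dict[str, EVR]:
    """Package name -> fixed EVR from RPM filenames (epoch 0 assumed: the advisory lists none)."""
    return {m["name"]: (0, m["ver"], m["rel"])
            for m in map(_RPM_FILE.match, filenames) if m}


def parse_rpm_qa(text: str) -> dict[str, EVR]:
    """Parse 'NAME EPOCH VERSION RELEASE' lines; rpm prints '(none)' for no epoch."""
    installed: dict[str, EVR] = {}
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) == 4:
            name, epoch, ver, rel = parts
            installed[name] = (0 if epoch == "(none)" else int(epoch), ver, rel)
    return installed


def find_unpatched(rpm_qa_text: str, filenames: list[str] = ADVISORY_FILES) -> list[tuple[str, str]]:
    """[(name, installed 'version-release')] for advisory packages installed
    below the fixed build; packages that are not installed are not affected."""
    fixed = fixed_versions(filenames)
    return [(name, f"{evr[1]}-{evr[2]}")
            for name, evr in sorted(parse_rpm_qa(rpm_qa_text).items())
            if name in fixed and evr_cmp(evr, fixed[name]) < 0]
```

On the sample input `find_unpatched(SAMPLE_RPM_QA)` reports `krb5-libs` and `krb5-workstation` at `1.19.1-21.el9` as older than the advisory build, while `krb5-server` and `libkadm5` already match it. Running it against real output means feeding the `rpm -qa` query text in place of the sample; the comparison is done by the rpmvercmp rules rather than string or float comparison, which is what makes `24.el9_1` correctly rank above `24.el9` and `1.19.1~rc1` below `1.19.1`.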

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing

Red Hat Enterprise Linux for x86_64 9

SRPM

krb5-1.19.1-24.el9_1.src.rpm

SHA-256: 2d676322c7f06fbde2422c64ba3ae89359c2e0e807f6b6aa87c897f06cacb5e4

x86_64

krb5-debuginfo-1.19.1-24.el9_1.i686.rpm

SHA-256: 27cb808827fe9cd93920eb63f1f0674d0ccf8add139c08122b19a258d06b602c

krb5-debuginfo-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 45c8397c30c4f30173c8967790965e9cf9e41289786f856a6d6e2b5775d12b58

krb5-debugsource-1.19.1-24.el9_1.i686.rpm

SHA-256: 9144babe6d78dc25c01ee4f36c01993cb51594e81c4642c9d6e9a14669f81ecb

krb5-debugsource-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 9c56bff291eedbf1647ef9d5b40fcc29ddc640125aabd2d4c1bd8b2778b12da7

krb5-devel-1.19.1-24.el9_1.i686.rpm

SHA-256: 8feeb09bc50e0dbf0394ee394bed5266a16017b1ee38ae4ca67d7a06666aa2ca

krb5-devel-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 0550821f5ab37af1469f7da10f1f1594a39718d73a3e533d66baeb401333e95b

krb5-libs-1.19.1-24.el9_1.i686.rpm

SHA-256: d728fbdf1eb10ab77ff12889f74732d17daedd05364c75c05ec19ac88d3ddf32

krb5-libs-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 5689da007cb289f6f1e812b31a56abdb7ad3d932f2b09adf94897c8c0d50640d

krb5-libs-debuginfo-1.19.1-24.el9_1.i686.rpm

SHA-256: 66da80594d117fabdba6b07c60f92409fdc348c42214e140fcdc7d38196f706a

krb5-libs-debuginfo-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 76f1d04f61ab17161fcde225b7dbaf24ab55f2c5181c4ab0d517d3cee7cbc6ef

krb5-pkinit-1.19.1-24.el9_1.i686.rpm

SHA-256: a9c564885a518675d2a5eacf09ea3c0f01e15cc16259ce306a9fe879c89d62a1

krb5-pkinit-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 8a7eebf08e53f235dbc52c9477df79472f46f1bf0317a8aa192d5d9cc5e21034

krb5-pkinit-debuginfo-1.19.1-24.el9_1.i686.rpm

SHA-256: 6de2e4f8b3b0cfbed1c00d9f9a4595431582eca05bc1c6b124f6cf4489f8607b

krb5-pkinit-debuginfo-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 17863df9a83a3d46d4069e2e565214ed395450dfd6c49290336e1dfde8fbfbee

krb5-server-1.19.1-24.el9_1.i686.rpm

SHA-256: 95dea0a4fb3ac886e2a2b97ce1803d878dbb44199549b3a87d99f0698c9f2220

krb5-server-1.19.1-24.el9_1.x86_64.rpm

SHA-256: be32811403112f0b17f3c5c66d4d79607924543416f536befca4c385eab1cb1a

krb5-server-debuginfo-1.19.1-24.el9_1.i686.rpm

SHA-256: 18ef989a75256b45ecd13e591bf10c3ce8aca5b6e72a2fa34f84e709b690593b

krb5-server-debuginfo-1.19.1-24.el9_1.x86_64.rpm

SHA-256: a9a48327ddd66b3cd69b89af80c76c0cbd4e9173fb11ac8a777af84d8eb878a9

krb5-server-ldap-1.19.1-24.el9_1.i686.rpm

SHA-256: 335301b0e0700b91d99860034b320a886bc94f7ac6709cc003064b273de961b9

krb5-server-ldap-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 726aa01b74f6b082661da764df8a380a4bba47c27fc85a8fc9ef3222eff6aee2

krb5-server-ldap-debuginfo-1.19.1-24.el9_1.i686.rpm

SHA-256: 0c7ab1b2768f2c0d24fb84c83c0a2bfc863e2bb9aca65602da678515d70f6444

krb5-server-ldap-debuginfo-1.19.1-24.el9_1.x86_64.rpm

SHA-256: f37689b86615268a27b9e36be1847be3b090667ab0cdc2475bcbb8f942ef54df

krb5-workstation-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 378f2a763ebfd32336dbfa32627d88093e4fe31bb90845af4bfc31ba76e6374f

krb5-workstation-debuginfo-1.19.1-24.el9_1.x86_64.rpm

SHA-256: ac705dd1bb2ab5f16730642bd3ae5c872f975fead94431aa6b4788d3dfe7bd17

libkadm5-1.19.1-24.el9_1.i686.rpm

SHA-256: 079ed94f136d024c363cd040ad3e389189c0f8d0deaca35f9d312ff94b0d9602

libkadm5-1.19.1-24.el9_1.x86_64.rpm

SHA-256: cc423c4d3fe7bd0aadc8fa50d3f4530221fe4a814d55a5390203af02600842a7

libkadm5-debuginfo-1.19.1-24.el9_1.i686.rpm

SHA-256: d01d0ec1f552f250e40970b3e5e1935951a2cdcdca37f10062a356e7a21406c4

libkadm5-debuginfo-1.19.1-24.el9_1.x86_64.rpm

SHA-256: 468b39b2895d83e97c5b2f2b97b9fce1b8d16e2c8f9f9f4e025a58adee6f5fe5

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

krb5-1.19.1-24.el9_1.src.rpm

SHA-256: 2d676322c7f06fbde2422c64ba3ae89359c2e0e807f6b6aa87c897f06cacb5e4

s390x

krb5-debuginfo-1.19.1-24.el9_1.s390x.rpm

SHA-256: bc3e8aee129205021e538e988bfca9d74cf396cf2af7b61e6eda3ca7ae26afe2

krb5-debugsource-1.19.1-24.el9_1.s390x.rpm

SHA-256: ad900dd5d7956fb110e57c825efdb3862605ca6405566a5297f2da62db13c457

krb5-devel-1.19.1-24.el9_1.s390x.rpm

SHA-256: 2c61cfc482419df20345712ca4e9ae6b4cb5d7651395f924ece2a8d37c5731a0

krb5-libs-1.19.1-24.el9_1.s390x.rpm

SHA-256: 3c31e7bf774b383ea7eba93001c884b18d51da6c3918fbddc336eea34b4666d1

krb5-libs-debuginfo-1.19.1-24.el9_1.s390x.rpm

SHA-256: 002ab34b4bce3e14eed36e5212181cde55558438155e9af5e9238a99c78692f6

krb5-pkinit-1.19.1-24.el9_1.s390x.rpm

SHA-256: baff1174b1530783acb4ca3a82b372bd1839e9a75f401a69737a6a8d1e5980c6

krb5-pkinit-debuginfo-1.19.1-24.el9_1.s390x.rpm

SHA-256: c8bcfcbdc909d333785c4bd767eb3dbe0669af02a41c884f7e7b5e2ce5273208

krb5-server-1.19.1-24.el9_1.s390x.rpm

SHA-256: d49e94333c93af13f403bd937c937cdf985ec51fce381f2ef559257a7eeeef34

krb5-server-debuginfo-1.19.1-24.el9_1.s390x.rpm

SHA-256: c282fc73a19d7edaa96b3445625be860a59eef26e70b67a2dd31c72c897be9df

krb5-server-ldap-1.19.1-24.el9_1.s390x.rpm

SHA-256: 44ddcdbb3809fa39db154da6c1505c378a4cbe7b53277a43bee5a813ff1722db

krb5-server-ldap-debuginfo-1.19.1-24.el9_1.s390x.rpm

SHA-256: 1a54625a049ea9111ca766e16a62fe41a7bff394e089d1fc2ace72fb53b93c4c

krb5-workstation-1.19.1-24.el9_1.s390x.rpm

SHA-256: 14ffcff76b53d2dd0e4004af5713e5ca1aa554b8bde33667578eddace5513018

krb5-workstation-debuginfo-1.19.1-24.el9_1.s390x.rpm

SHA-256: 401ff5c74bb2a29f9534ee1a45e2ffc71ac20683ec03388c2116401e580f2c6b

libkadm5-1.19.1-24.el9_1.s390x.rpm

SHA-256: faa909caed0b0ffd866278f1e58793b2dbd3dc9b5e78ab00081c1bffacd8422e

libkadm5-debuginfo-1.19.1-24.el9_1.s390x.rpm

SHA-256: 8aef22b460f0faedb83c133327a18a149b793bdaebd30de2429ae212f6d2ff43

Red Hat Enterprise Linux for Power, little endian 9

SRPM

krb5-1.19.1-24.el9_1.src.rpm

SHA-256: 2d676322c7f06fbde2422c64ba3ae89359c2e0e807f6b6aa87c897f06cacb5e4

ppc64le

krb5-debuginfo-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: 08afa811e932ed4505ed8c0c80575b5ecea0f33be6679b5e2a48e21284d286d2

krb5-debugsource-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: 3eb6855d1dc6a27c2ba8cb44bd62272737e38e387198c12acfafc0192ab7b704

krb5-devel-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: 787aae3f93b6e9098dd257412c50d95a41131ee42944071589cb3456db3b98da

krb5-libs-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: bcfddbe4d4fc38df0c4c1881b6b711fe78487b7c204f4a359e9214141b2805c0

krb5-libs-debuginfo-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: 0a0d9f957a3f7abec60cce70eff2b87f69b2ed384aab5e7be7ce4c68c37d65b4

krb5-pkinit-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: 252413f339e79c956f5931b9768b4e73471e5fb49081eb089c069f18e3f245f8

krb5-pkinit-debuginfo-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: c540b21967e0235d4311268ec1d25107f0654d1aaa94bca4696e876a07df67a5

krb5-server-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: 47cbaba9db1d21d8a767c65f734a80dc5843c82ba708e39da33336176db3c971

krb5-server-debuginfo-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: 55b3b997a0b83e679653b9956d50be85d6f37c08e0ee3a8f9aeeac80727950ef

krb5-server-ldap-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: cbf39ea95e5353203923166a6ef283df50fa77642e1c10b376c340090426e2da

krb5-server-ldap-debuginfo-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: b1aae9639d939c0c734f01bd883f6c168853ae002699d251087940da7c5d739f

krb5-workstation-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: a20a306449c40f0147b5fbb072fbba053cd439e507e48cf47338ef45d5db57fa

krb5-workstation-debuginfo-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: f1fe565190b243ea013e7ac77a1d468ee7d71369c07e64895a3a48ec22d65adc

libkadm5-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: f5749d840b553754b3c4df051c0db10d06d32c75ef170409d66a4e576772c5cd

libkadm5-debuginfo-1.19.1-24.el9_1.ppc64le.rpm

SHA-256: 9304d12e55a06073542d06a48f79f951e29da2469de47510f09196683eb9c23a

Red Hat Enterprise Linux for ARM 64 9

SRPM

krb5-1.19.1-24.el9_1.src.rpm

SHA-256: 2d676322c7f06fbde2422c64ba3ae89359c2e0e807f6b6aa87c897f06cacb5e4

aarch64

krb5-debuginfo-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 773707d7182a36275634bbae9fbd64d2e9f806f88bceff1850ca739f979b7282

krb5-debugsource-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 38d1e3a6789df8e4265fc04ba153de891ddadd376f54eef599f0f98392a9a9b5

krb5-devel-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 129f0704ed118ddb93bcf687143377f236af321ace4b3ec2c54a8e88bcfc993c

krb5-libs-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 16c5217cbdf7b28612b7559e8b7d952ef291878c60290d13abfee6251536fec6

krb5-libs-debuginfo-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 2087f19fe0323f800136c9d2bc6c8cae9aceca12c890e6ba3140eb3db33641ba

krb5-pkinit-1.19.1-24.el9_1.aarch64.rpm

SHA-256: f09b66a15526dad270b9979cea1bbafe352c3f576cc91a6d2a27c365e837f6f0

krb5-pkinit-debuginfo-1.19.1-24.el9_1.aarch64.rpm

SHA-256: f55cccef950d223587c2c2ab380280a8092e300829a4322d5ec37ca6841cc600

krb5-server-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 860708e64627a9f678d031949a97fbbb2d906011078da5b2768fc97fc3132ebc

krb5-server-debuginfo-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 5905a13fe9e4b0581afcdcea2ac530fa5628fac121389256683829fd4f848784

krb5-server-ldap-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 80cf60c45a497c647f5a1ec0565f1801cbe2c6a87f35dea723086cdb614bab2b

krb5-server-ldap-debuginfo-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 8ed3addc9400001304b2d7b8c4b2755374842aa96393eecdca25147a31f08f42

krb5-workstation-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 2b6fb29a5ddfe060c271aff3f91f8953e21d935ed4640264b23c0c3694012c65

krb5-workstation-debuginfo-1.19.1-24.el9_1.aarch64.rpm

SHA-256: 929cf3254172c0fff7d1ea3581d80831c7c69272fe076800c201fe93288259bc

libkadm5-1.19.1-24.el9_1.aarch64.rpm

SHA-256: de5b5cccd33fe95eef017758ca8e93578e62bfd23b9634938d584885f766c757

libkadm5-debuginfo-1.19.1-24.el9_1.aarch64.rpm

SHA-256: cfbbb6bc39fd7665c763f026ae9d934c7bc291a3e9896724c26d129e6827381f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202310-06

Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.

Red Hat Security Advisory 2023-4053-01

Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

RHSA-2023:0934: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2023-0634-01

Red Hat Security Advisory 2023-0634-01 - Logging Subsystem 5.6.1 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

Red Hat Security Advisory 2023-0470-01

Red Hat Security Advisory 2023-0470-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1).

Ubuntu Security Notice USN-5828-1

Ubuntu Security Notice 5828-1 - It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Greg Hudson discovered that Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

RHSA-2023:0470: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42920: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

CVE-2022-42898: Fix integer overflows in PAC parsing · krb5/krb5@ea92d2f

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

RHSA-2022:8893: Red Hat Security Advisory: OpenShift Container Platform 4.11.20 security update

Red Hat OpenShift Container Platform release 4.11.20 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server

RHSA-2022:9029: Red Hat Security Advisory: Red Hat Virtualization Host security update [ovirt-4.5.3-3]

An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8964: Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images

Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image are now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: keycloak: path traversal via double URL encoding * CVE-2022-3916: keycloak: Session takeover with OIDC offline refreshtokens

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8827-01

Red Hat Security Advisory 2022-8827-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.

Red Hat Security Advisory 2022-8662-01

Red Hat Security Advisory 2022-8662-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

RHSA-2022:8669: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8663: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Red Hat Security Advisory 2022-8639-01

Red Hat Security Advisory 2022-8639-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8638-01

Red Hat Security Advisory 2022-8638-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8640-01

Red Hat Security Advisory 2022-8640-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8637-01

Red Hat Security Advisory 2022-8637-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

RHSA-2022:8648: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8640: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8641: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8639: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8638: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Debian Security Advisory 5287-1

Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.

Debian Security Advisory 5286-1

Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).