RHSA-2022:8637: Red Hat Security Advisory: krb5 security update
Related CVEs:
- CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Issued: 2022-11-28
Updated: 2022-11-28
Synopsis: Important: krb5 security update
Type/Severity: Security Advisory: Important
Topic
An update for krb5 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
- krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)
The flaw is in krb5_pac_parse (lib/krb5/krb/pac.c). Integer overflows while parsing a Privilege Attribute Certificate (PAC) can lead to remote code execution on 32-bit platforms (through the resulting heap-based buffer overflow) in the KDC, kadmind, or a GSS or Kerberos application server, to information exposure to a malicious cross-realm KDC, and to a denial of service (KDC or kadmind crash) on other platforms. Upstream MIT krb5 before 1.19.4 and 1.20.x before 1.20.1 are affected; this update backports the fix into the 1.19.1-based packages shipped with Red Hat Enterprise Linux 9.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
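The following is an added example, not the krb5 source and not part of this advisory. It models the bug class named above with a minimal PAC header parser: the "before" length check computes the entry-table size first, so a crafted cBuffers wraps the product and the check passes; the hardened parser bounds the count against the blob length before multiplying and validates every entry's offset and size by subtraction only. The byte layout (8-byte PACTYPE header, 16-byte PAC_INFO_BUFFER entries) is MS-PAC's; the function names, error codes and the three sample blobs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* MS-PAC wire layout (specification fact):
 *   PACTYPE header, 8 bytes: cBuffers (u32 LE), Version (u32 LE)
 *   then cBuffers x PAC_INFO_BUFFER, 16 bytes each:
 *     ulType (u32 LE), cbBufferSize (u32 LE), Offset (u64 LE)
 * Everything else here (names, error codes, sample blobs) is ours. */
#define PACTYPE_LENGTH         8u
#define PAC_INFO_BUFFER_LENGTH 16u

typedef struct { uint32_t type; uint32_t size; uint64_t offset; } pac_buffer;

static uint32_t load_32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint64_t load_64_le(const uint8_t *p)
{
    return (uint64_t)load_32_le(p) | ((uint64_t)load_32_le(p + 4) << 32);
}

/* "Before": multiply first, compare second. cbuffers and the constant are
 * both 32-bit unsigned, so the product wraps modulo 2^32 (as a 32-bit
 * size_t does on 32-bit builds). Returns 1 when the header "fits". */
int naive_header_fits(const uint8_t *data, size_t len)
{
    if (len < PACTYPE_LENGTH)
        return 0;
    uint32_t cbuffers = load_32_le(data);
    uint32_t header_len = PACTYPE_LENGTH + cbuffers * PAC_INFO_BUFFER_LENGTH;
    return len >= header_len;
}

/* "After": bound cbuffers by what the blob can hold before multiplying and
 * check each entry with subtraction only, so nothing can wrap.
 * Returns 0 on success, a negative code naming the failed check otherwise. */
int parse_pac_header(const uint8_t *data, size_t len,
                     pac_buffer *out, size_t max_out, size_t *count)
{
    if (len < PACTYPE_LENGTH)
        return -1;                                   /* truncated header    */
    uint32_t cbuffers = load_32_le(data);
    uint32_t version  = load_32_le(data + 4);
    if (version != 0)
        return -2;                                   /* unknown PAC version */
    if (cbuffers > (len - PACTYPE_LENGTH) / PAC_INFO_BUFFER_LENGTH)
        return -3;                                   /* entry table too big */
    if (cbuffers > max_out)
        return -4;                                   /* caller's table full */

    const uint8_t *p = data + PACTYPE_LENGTH;
    for (uint32_t i = 0; i < cbuffers; i++, p += PAC_INFO_BUFFER_LENGTH) {
        pac_buffer b = { load_32_le(p), load_32_le(p + 4), load_64_le(p + 8) };
        /* offset and size must stay inside the blob; no addition involved */
        if (b.offset > len || b.size > len - b.offset)
            return -5;                               /* entry out of bounds */
        out[i] = b;
    }
    *count = cbuffers;
    return 0;
}

/* Constructed sample blobs, not captured traffic. */

/* One 4-byte buffer of type 0x0A at offset 24: well formed. */
const uint8_t BENIGN_PAC[28] = {
    0x01, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,   /* cBuffers=1, Version=0 */
    0x0A, 0x00, 0x00, 0x00,  0x04, 0x00, 0x00, 0x00,   /* ulType, cbBufferSize=4 */
    0x18, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,   /* Offset=24 */
    0xDE, 0xAD, 0xBE, 0xEF                             /* payload */
};

/* cBuffers = 0x10000001: 0x10000001 * 16 wraps to 16, the naive header
 * length becomes 24 == len, and the "before" check accepts the blob. */
const uint8_t OVERFLOW_COUNT_PAC[24] = {
    0x01, 0x00, 0x00, 0x10,  0x00, 0x00, 0x00, 0x00,
    0x0A, 0x00, 0x00, 0x00,  0x04, 0x00, 0x00, 0x00,
    0x18, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00
};

/* cBuffers = 1 but cbBufferSize = 0xFFFFFFFF at offset 24: offset + size
 * would wrap if added in 32 bits; the subtraction check rejects it. */
const uint8_t OVERSIZED_ENTRY_PAC[24] = {
    0x01, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,
    0x0A, 0x00, 0x00, 0x00,  0xFF, 0xFF, 0xFF, 0xFF,
    0x18, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    pac_buffer bufs[4];
    size_t n = 0;
    printf("naive check, overflow blob: %d (1 = accepted)\n",
           naive_header_fits(OVERFLOW_COUNT_PAC, sizeof OVERFLOW_COUNT_PAC));
    printf("hardened parse: benign=%d overflow=%d oversized=%d\n",
           parse_pac_header(BENIGN_PAC, sizeof BENIGN_PAC, bufs, 4, &n),
           parse_pac_header(OVERFLOW_COUNT_PAC, sizeof OVERFLOW_COUNT_PAC, bufs, 4, &n),
           parse_pac_header(OVERSIZED_ENTRY_PAC, sizeof OVERSIZED_ENTRY_PAC, bufs, 4, &n));
    return 0;
}
```

The point to take from the hardened version is the order of operations: divide the remaining length by the entry size and compare against the count, rather than multiplying the count and comparing against the length, and validate each (offset, size) pair as `size > len - offset` after checking `offset <= len`, so no intermediate can exceed the blob length.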
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically. The fixed code is in krb5-libs, which is also loaded by other GSS or Kerberos-aware services on the host (for example sshd, sssd, or an httpd doing Kerberos authentication); those processes keep the old library mapped until they are restarted, so restart them or reboot. Confirm the fixed build is installed with "rpm -q krb5-libs" (expected: krb5-libs-1.19.1-24.el9_1 for your architecture).
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing
Red Hat Enterprise Linux for x86_64 9
SRPM
krb5-1.19.1-24.el9_1.src.rpm
SHA-256: 2d676322c7f06fbde2422c64ba3ae89359c2e0e807f6b6aa87c897f06cacb5e4
x86_64
krb5-debuginfo-1.19.1-24.el9_1.i686.rpm
SHA-256: 27cb808827fe9cd93920eb63f1f0674d0ccf8add139c08122b19a258d06b602c
krb5-debuginfo-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 45c8397c30c4f30173c8967790965e9cf9e41289786f856a6d6e2b5775d12b58
krb5-debugsource-1.19.1-24.el9_1.i686.rpm
SHA-256: 9144babe6d78dc25c01ee4f36c01993cb51594e81c4642c9d6e9a14669f81ecb
krb5-debugsource-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 9c56bff291eedbf1647ef9d5b40fcc29ddc640125aabd2d4c1bd8b2778b12da7
krb5-devel-1.19.1-24.el9_1.i686.rpm
SHA-256: 8feeb09bc50e0dbf0394ee394bed5266a16017b1ee38ae4ca67d7a06666aa2ca
krb5-devel-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 0550821f5ab37af1469f7da10f1f1594a39718d73a3e533d66baeb401333e95b
krb5-libs-1.19.1-24.el9_1.i686.rpm
SHA-256: d728fbdf1eb10ab77ff12889f74732d17daedd05364c75c05ec19ac88d3ddf32
krb5-libs-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 5689da007cb289f6f1e812b31a56abdb7ad3d932f2b09adf94897c8c0d50640d
krb5-libs-debuginfo-1.19.1-24.el9_1.i686.rpm
SHA-256: 66da80594d117fabdba6b07c60f92409fdc348c42214e140fcdc7d38196f706a
krb5-libs-debuginfo-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 76f1d04f61ab17161fcde225b7dbaf24ab55f2c5181c4ab0d517d3cee7cbc6ef
krb5-pkinit-1.19.1-24.el9_1.i686.rpm
SHA-256: a9c564885a518675d2a5eacf09ea3c0f01e15cc16259ce306a9fe879c89d62a1
krb5-pkinit-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 8a7eebf08e53f235dbc52c9477df79472f46f1bf0317a8aa192d5d9cc5e21034
krb5-pkinit-debuginfo-1.19.1-24.el9_1.i686.rpm
SHA-256: 6de2e4f8b3b0cfbed1c00d9f9a4595431582eca05bc1c6b124f6cf4489f8607b
krb5-pkinit-debuginfo-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 17863df9a83a3d46d4069e2e565214ed395450dfd6c49290336e1dfde8fbfbee
krb5-server-1.19.1-24.el9_1.i686.rpm
SHA-256: 95dea0a4fb3ac886e2a2b97ce1803d878dbb44199549b3a87d99f0698c9f2220
krb5-server-1.19.1-24.el9_1.x86_64.rpm
SHA-256: be32811403112f0b17f3c5c66d4d79607924543416f536befca4c385eab1cb1a
krb5-server-debuginfo-1.19.1-24.el9_1.i686.rpm
SHA-256: 18ef989a75256b45ecd13e591bf10c3ce8aca5b6e72a2fa34f84e709b690593b
krb5-server-debuginfo-1.19.1-24.el9_1.x86_64.rpm
SHA-256: a9a48327ddd66b3cd69b89af80c76c0cbd4e9173fb11ac8a777af84d8eb878a9
krb5-server-ldap-1.19.1-24.el9_1.i686.rpm
SHA-256: 335301b0e0700b91d99860034b320a886bc94f7ac6709cc003064b273de961b9
krb5-server-ldap-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 726aa01b74f6b082661da764df8a380a4bba47c27fc85a8fc9ef3222eff6aee2
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.i686.rpm
SHA-256: 0c7ab1b2768f2c0d24fb84c83c0a2bfc863e2bb9aca65602da678515d70f6444
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.x86_64.rpm
SHA-256: f37689b86615268a27b9e36be1847be3b090667ab0cdc2475bcbb8f942ef54df
krb5-workstation-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 378f2a763ebfd32336dbfa32627d88093e4fe31bb90845af4bfc31ba76e6374f
krb5-workstation-debuginfo-1.19.1-24.el9_1.x86_64.rpm
SHA-256: ac705dd1bb2ab5f16730642bd3ae5c872f975fead94431aa6b4788d3dfe7bd17
libkadm5-1.19.1-24.el9_1.i686.rpm
SHA-256: 079ed94f136d024c363cd040ad3e389189c0f8d0deaca35f9d312ff94b0d9602
libkadm5-1.19.1-24.el9_1.x86_64.rpm
SHA-256: cc423c4d3fe7bd0aadc8fa50d3f4530221fe4a814d55a5390203af02600842a7
libkadm5-debuginfo-1.19.1-24.el9_1.i686.rpm
SHA-256: d01d0ec1f552f250e40970b3e5e1935951a2cdcdca37f10062a356e7a21406c4
libkadm5-debuginfo-1.19.1-24.el9_1.x86_64.rpm
SHA-256: 468b39b2895d83e97c5b2f2b97b9fce1b8d16e2c8f9f9f4e025a58adee6f5fe5
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
krb5-1.19.1-24.el9_1.src.rpm
SHA-256: 2d676322c7f06fbde2422c64ba3ae89359c2e0e807f6b6aa87c897f06cacb5e4
s390x
krb5-debuginfo-1.19.1-24.el9_1.s390x.rpm
SHA-256: bc3e8aee129205021e538e988bfca9d74cf396cf2af7b61e6eda3ca7ae26afe2
krb5-debugsource-1.19.1-24.el9_1.s390x.rpm
SHA-256: ad900dd5d7956fb110e57c825efdb3862605ca6405566a5297f2da62db13c457
krb5-devel-1.19.1-24.el9_1.s390x.rpm
SHA-256: 2c61cfc482419df20345712ca4e9ae6b4cb5d7651395f924ece2a8d37c5731a0
krb5-libs-1.19.1-24.el9_1.s390x.rpm
SHA-256: 3c31e7bf774b383ea7eba93001c884b18d51da6c3918fbddc336eea34b4666d1
krb5-libs-debuginfo-1.19.1-24.el9_1.s390x.rpm
SHA-256: 002ab34b4bce3e14eed36e5212181cde55558438155e9af5e9238a99c78692f6
krb5-pkinit-1.19.1-24.el9_1.s390x.rpm
SHA-256: baff1174b1530783acb4ca3a82b372bd1839e9a75f401a69737a6a8d1e5980c6
krb5-pkinit-debuginfo-1.19.1-24.el9_1.s390x.rpm
SHA-256: c8bcfcbdc909d333785c4bd767eb3dbe0669af02a41c884f7e7b5e2ce5273208
krb5-server-1.19.1-24.el9_1.s390x.rpm
SHA-256: d49e94333c93af13f403bd937c937cdf985ec51fce381f2ef559257a7eeeef34
krb5-server-debuginfo-1.19.1-24.el9_1.s390x.rpm
SHA-256: c282fc73a19d7edaa96b3445625be860a59eef26e70b67a2dd31c72c897be9df
krb5-server-ldap-1.19.1-24.el9_1.s390x.rpm
SHA-256: 44ddcdbb3809fa39db154da6c1505c378a4cbe7b53277a43bee5a813ff1722db
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.s390x.rpm
SHA-256: 1a54625a049ea9111ca766e16a62fe41a7bff394e089d1fc2ace72fb53b93c4c
krb5-workstation-1.19.1-24.el9_1.s390x.rpm
SHA-256: 14ffcff76b53d2dd0e4004af5713e5ca1aa554b8bde33667578eddace5513018
krb5-workstation-debuginfo-1.19.1-24.el9_1.s390x.rpm
SHA-256: 401ff5c74bb2a29f9534ee1a45e2ffc71ac20683ec03388c2116401e580f2c6b
libkadm5-1.19.1-24.el9_1.s390x.rpm
SHA-256: faa909caed0b0ffd866278f1e58793b2dbd3dc9b5e78ab00081c1bffacd8422e
libkadm5-debuginfo-1.19.1-24.el9_1.s390x.rpm
SHA-256: 8aef22b460f0faedb83c133327a18a149b793bdaebd30de2429ae212f6d2ff43
Red Hat Enterprise Linux for Power, little endian 9
SRPM
krb5-1.19.1-24.el9_1.src.rpm
SHA-256: 2d676322c7f06fbde2422c64ba3ae89359c2e0e807f6b6aa87c897f06cacb5e4
ppc64le
krb5-debuginfo-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: 08afa811e932ed4505ed8c0c80575b5ecea0f33be6679b5e2a48e21284d286d2
krb5-debugsource-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: 3eb6855d1dc6a27c2ba8cb44bd62272737e38e387198c12acfafc0192ab7b704
krb5-devel-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: 787aae3f93b6e9098dd257412c50d95a41131ee42944071589cb3456db3b98da
krb5-libs-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: bcfddbe4d4fc38df0c4c1881b6b711fe78487b7c204f4a359e9214141b2805c0
krb5-libs-debuginfo-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: 0a0d9f957a3f7abec60cce70eff2b87f69b2ed384aab5e7be7ce4c68c37d65b4
krb5-pkinit-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: 252413f339e79c956f5931b9768b4e73471e5fb49081eb089c069f18e3f245f8
krb5-pkinit-debuginfo-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: c540b21967e0235d4311268ec1d25107f0654d1aaa94bca4696e876a07df67a5
krb5-server-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: 47cbaba9db1d21d8a767c65f734a80dc5843c82ba708e39da33336176db3c971
krb5-server-debuginfo-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: 55b3b997a0b83e679653b9956d50be85d6f37c08e0ee3a8f9aeeac80727950ef
krb5-server-ldap-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: cbf39ea95e5353203923166a6ef283df50fa77642e1c10b376c340090426e2da
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: b1aae9639d939c0c734f01bd883f6c168853ae002699d251087940da7c5d739f
krb5-workstation-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: a20a306449c40f0147b5fbb072fbba053cd439e507e48cf47338ef45d5db57fa
krb5-workstation-debuginfo-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: f1fe565190b243ea013e7ac77a1d468ee7d71369c07e64895a3a48ec22d65adc
libkadm5-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: f5749d840b553754b3c4df051c0db10d06d32c75ef170409d66a4e576772c5cd
libkadm5-debuginfo-1.19.1-24.el9_1.ppc64le.rpm
SHA-256: 9304d12e55a06073542d06a48f79f951e29da2469de47510f09196683eb9c23a
Red Hat Enterprise Linux for ARM 64 9
SRPM
krb5-1.19.1-24.el9_1.src.rpm
SHA-256: 2d676322c7f06fbde2422c64ba3ae89359c2e0e807f6b6aa87c897f06cacb5e4
aarch64
krb5-debuginfo-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 773707d7182a36275634bbae9fbd64d2e9f806f88bceff1850ca739f979b7282
krb5-debugsource-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 38d1e3a6789df8e4265fc04ba153de891ddadd376f54eef599f0f98392a9a9b5
krb5-devel-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 129f0704ed118ddb93bcf687143377f236af321ace4b3ec2c54a8e88bcfc993c
krb5-libs-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 16c5217cbdf7b28612b7559e8b7d952ef291878c60290d13abfee6251536fec6
krb5-libs-debuginfo-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 2087f19fe0323f800136c9d2bc6c8cae9aceca12c890e6ba3140eb3db33641ba
krb5-pkinit-1.19.1-24.el9_1.aarch64.rpm
SHA-256: f09b66a15526dad270b9979cea1bbafe352c3f576cc91a6d2a27c365e837f6f0
krb5-pkinit-debuginfo-1.19.1-24.el9_1.aarch64.rpm
SHA-256: f55cccef950d223587c2c2ab380280a8092e300829a4322d5ec37ca6841cc600
krb5-server-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 860708e64627a9f678d031949a97fbbb2d906011078da5b2768fc97fc3132ebc
krb5-server-debuginfo-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 5905a13fe9e4b0581afcdcea2ac530fa5628fac121389256683829fd4f848784
krb5-server-ldap-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 80cf60c45a497c647f5a1ec0565f1801cbe2c6a87f35dea723086cdb614bab2b
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 8ed3addc9400001304b2d7b8c4b2755374842aa96393eecdca25147a31f08f42
krb5-workstation-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 2b6fb29a5ddfe060c271aff3f91f8953e21d935ed4640264b23c0c3694012c65
krb5-workstation-debuginfo-1.19.1-24.el9_1.aarch64.rpm
SHA-256: 929cf3254172c0fff7d1ea3581d80831c7c69272fe076800c201fe93288259bc
libkadm5-1.19.1-24.el9_1.aarch64.rpm
SHA-256: de5b5cccd33fe95eef017758ca8e93578e62bfd23b9634938d584885f766c757
libkadm5-debuginfo-1.19.1-24.el9_1.aarch64.rpm
SHA-256: cfbbb6bc39fd7665c763f026ae9d934c7bc291a3e9896724c26d129e6827381f
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
- Gentoo Linux Security Advisory 202310-6: multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.
- Ubuntu Security Notice 5828-1: it was discovered that Kerberos incorrectly handled certain S4U2Self requests; an attacker could possibly use this issue to cause a denial of service (addressed only in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS). Greg Hudson discovered that the Kerberos PAC implementation incorrectly handled certain parsing operations; a remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
- CVE-2022-42898: PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
- Red Hat Virtualization 4 for Red Hat Enterprise Linux 8: update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg (Important), fixing CVE-2022-42898 (krb5: integer overflow vulnerabilities in PAC parsing).
- Red Hat Security Advisory 2022-8662-01: krb5 update; issues addressed include an integer overflow vulnerability.
- Red Hat Enterprise Linux 9.0 Extended Update Support: krb5 update (Important), fixing CVE-2022-42898.
- Red Hat Enterprise Linux 6 Extended Lifecycle Support: krb5 update (Important), fixing CVE-2022-42898.
- Red Hat Security Advisory 2022-8639-01: krb5 update; issues addressed include an integer overflow vulnerability.
- Red Hat Security Advisory 2022-8638-01: krb5 update; issues addressed include an integer overflow vulnerability.
- Red Hat Security Advisory 2022-8640-01: krb5 update; issues addressed include an integer overflow vulnerability.
- Red Hat Security Advisory 2022-8637-01 (this advisory): krb5 update; issues addressed include an integer overflow vulnerability.
- Red Hat Enterprise Linux 8.2 Advanced Update Support, 8.2 Telecommunications Update Service, and 8.2 Update Services for SAP Solutions: krb5 update (Important), fixing CVE-2022-42898.
- Red Hat Enterprise Linux 7: krb5 update (Important), fixing CVE-2022-42898.
- Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions: krb5 update (Important), fixing CVE-2022-42898.
- Red Hat Enterprise Linux 8.4 Extended Update Support: krb5 update (Important), fixing CVE-2022-42898.
- Red Hat Enterprise Linux 8: krb5 update (Important), fixing CVE-2022-42898.
- Debian Linux Security Advisory 5287-1: several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.
- Debian Linux Security Advisory 5286-1: Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).