RHSA-2022:8638: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Issued: 2022-11-28

Updated: 2022-11-28

RHSA-2022:8638 - Security Advisory


Synopsis

Important: krb5 security update

Type/Severity

Security Advisory: Important


Topic

An update for krb5 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

  • krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
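As an added illustration of the bug class this fix addresses (integer overflow while parsing the PAC buffer table), not the advisory's or krb5's own code: a small C parser for the MS-PAC header and PAC_INFO_BUFFER entries whose bounds checks are written so that neither the header-length multiplication nor the offset-plus-size comparison can wrap, even where size_t is 32 bits wide, beside the naive comparison that does wrap. The field layout is the documented MS-PAC one; pac_check, build_pac, check_constructed and the sample blobs are constructed here for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MS-PAC layout (little-endian): a PACTYPE header of cBuffers (u32) and
 * Version (u32), then cBuffers PAC_INFO_BUFFER entries of ulType (u32),
 * cbBufferSize (u32) and Offset (u64), then the buffers themselves. */
#define PACTYPE_LENGTH         8u
#define PAC_INFO_BUFFER_LENGTH 16u
#define PAC_ALIGNMENT          8u

static uint32_t load_u32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t load_u64(const uint8_t *p) {
    return (uint64_t)load_u32(p) | ((uint64_t)load_u32(p + 4) << 32);
}
static void store_u32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static void store_u64(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* The wrapping test: offset + size overflows, the sum compares as small,
 * and an out-of-range buffer looks in-bounds. Shown for contrast only;
 * pac_check() below never uses it. */
int naive_in_bounds(uint64_t offset, uint32_t size, size_t len) {
    return offset + size <= len;
}

/* Validate the buffer table of a PAC blob. Returns 0 when every declared
 * buffer lies inside data[0..len), a negative code otherwise. Each check
 * is arranged so that no intermediate value can wrap. */
int pac_check(const uint8_t *data, size_t len) {
    if (len < PACTYPE_LENGTH)
        return -1;
    uint32_t cbuffers = load_u32(data);

    /* Bound the count before multiplying: on a 32-bit size_t a count such
       as 0x20000000 * 16 would wrap to 0 and yield a tiny header_len. */
    if (cbuffers > (len - PACTYPE_LENGTH) / PAC_INFO_BUFFER_LENGTH)
        return -2;
    size_t header_len = PACTYPE_LENGTH + (size_t)cbuffers * PAC_INFO_BUFFER_LENGTH;

    for (uint32_t i = 0; i < cbuffers; i++) {
        const uint8_t *e = data + PACTYPE_LENGTH + (size_t)i * PAC_INFO_BUFFER_LENGTH;
        uint32_t size = load_u32(e + 4);    /* cbBufferSize */
        uint64_t offset = load_u64(e + 8);  /* Offset */

        if (offset % PAC_ALIGNMENT != 0)
            return -3;
        /* Check each operand against len first; "offset > len - size" is
           the wrap-free form of "offset + size > len". */
        if (size > len || offset > len - size)
            return -4;
        if (offset < header_len)
            return -5;          /* buffer would overlap the header table */
    }
    return 0;
}

/* Constructed test blob (not a real PAC): one entry whose cBuffers, size
 * and offset are chosen by the caller, followed by payload_len zero bytes.
 * Returns the blob length, or 0 if it does not fit in cap. */
size_t build_pac(uint8_t *out, size_t cap, uint32_t cbuffers,
                 uint32_t size, uint64_t offset, size_t payload_len) {
    size_t total = PACTYPE_LENGTH + PAC_INFO_BUFFER_LENGTH + payload_len;
    if (total > cap)
        return 0;
    memset(out, 0, total);
    store_u32(out, cbuffers);        /* cBuffers */
    store_u32(out + 4, 0);           /* Version */
    store_u32(out + 8, 1);           /* ulType (arbitrary constructed value) */
    store_u32(out + 12, size);       /* cbBufferSize */
    store_u64(out + 16, offset);     /* Offset */
    return total;
}

/* Build one 40-byte constructed blob (16 payload bytes) and validate it. */
int check_constructed(uint32_t cbuffers, uint32_t size, uint64_t offset) {
    uint8_t blob[64];
    size_t n = build_pac(blob, sizeof blob, cbuffers, size, offset, 16);
    return n ? pac_check(blob, n) : -99;
}

int main(void) {
    uint64_t wrap = UINT64_C(0xFFFFFFFFFFFFFFF8);   /* aligned, near the top */
    printf("well-formed table:        %d\n", check_constructed(1, 16, 24));
    printf("naive check on wrap case: %d\n", naive_in_bounds(wrap, 16, 40));
    printf("pac_check on wrap case:   %d\n", check_constructed(1, 16, wrap));
    printf("absurd buffer count:      %d\n", check_constructed(0x20000000u, 16, 24));
    return 0;
}
```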

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing

Updated Packages

SRPM (all listed architectures): krb5-1.18.2-22.el8_7.src.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202310-06

Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.

Red Hat Security Advisory 2023-4053-01

Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

Red Hat Security Advisory 2023-0918-01

Red Hat Security Advisory 2023-0918-01 - Service Binding manages the data plane for applications and backing services.

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2023-0634-01

Red Hat Security Advisory 2023-0634-01 - Logging Subsystem 5.6.1 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

Ubuntu Security Notice USN-5822-2

Ubuntu Security Notice 5822-2 - USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. It was discovered that Samba incorrectly handled the bad password count logic. It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. Greg Hudson discovered that Samba incorrectly handled PAC parsing. Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets.

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

Ubuntu Security Notice USN-5822-1

Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

Ubuntu Security Notice USN-5800-1

Ubuntu Security Notice 5800-1 - It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

CVE-2022-42898: Fix integer overflows in PAC parsing · krb5/krb5@ea92d2f

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Red Hat Security Advisory 2022-8964-01

Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.

RHSA-2022:8889: Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update

Openshift Logging Bug Fix Release (5.3.14). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays

Red Hat Security Advisory 2022-8669-01

Red Hat Security Advisory 2022-8669-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8663-01

Red Hat Security Advisory 2022-8663-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

RHSA-2022:8663: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8662: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Red Hat Security Advisory 2022-8639-01

Red Hat Security Advisory 2022-8639-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8638-01

Red Hat Security Advisory 2022-8638-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8640-01

Red Hat Security Advisory 2022-8640-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8648-01

Red Hat Security Advisory 2022-8648-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8641-01

Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

RHSA-2022:8648: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8640: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8641: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8637: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Debian Security Advisory 5287-1

Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.

Debian Security Advisory 5286-1

Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).