RHSA-2022:8638: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
Issued:
2022-11-28
Updated:
2022-11-28
RHSA-2022:8638 - Security Advisory
Synopsis
Important: krb5 security update
Type/Severity
Security Advisory: Important
Topic
An update for krb5 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
- krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
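One way to verify that an exported package inventory is at this fix level, as an added example that is not Red Hat's code: it re-implements rpm's version ordering in Python (the `~` pre-release marker is handled, the rarer `^` marker is not) and compares each krb5 package in constructed `rpm -qa` output against 1.18.2-22.el8_7, the build shipped by this advisory. The package names and fixed version come from the advisory's package list; that krb5 in RHEL 8 carries no epoch is an assumption stated in the code.

```python
"""Offline check of an `rpm -qa` inventory against the fix level of RHSA-2022:8638.
Added example, not part of the advisory: it re-implements rpm's version ordering so
the comparison works without a live rpm database. The inventory is constructed."""
import re

# Binary packages shipped by this advisory (names taken from its package list).
KRB5_PACKAGES = {"krb5-devel", "krb5-libs", "krb5-pkinit", "krb5-server",
                 "krb5-server-ldap", "krb5-workstation", "libkadm5"}
# Fixed build from the advisory; epoch assumed 0 because krb5 in RHEL 8 carries none.
FIXED_EVR = ("0", "1.18.2", "22.el8_7")

_DIGITS, _ALPHA = re.compile(r"[0-9]+"), re.compile(r"[A-Za-z]+")


def rpmvercmp(a, b):
    """Order two version or release strings as rpmvercmp() does: -1, 0 or 1.
    Handles '~' (pre-release) but not the rarer '^' (post-release) marker."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Separator characters other than '~' carry no meaning and are skipped.
        while i < len(a) and not (a[i] == "~" or (a[i].isascii() and a[i].isalnum())):
            i += 1
        while j < len(b) and not (b[j] == "~" or (b[j].isascii() and b[j].isalnum())):
            j += 1
        ca, cb = a[i:i + 1], b[j:j + 1]
        if ca == "~" or cb == "~":   # '~' sorts before everything, even end of string
            if ca != cb:
                return -1 if ca == "~" else 1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):          # one side exhausted: decided after the loop
            break
        # Compare one run of digits, or one run of letters, from each side.
        numeric = ca.isdigit()
        pat = _DIGITS if numeric else _ALPHA
        ma, mb = pat.match(a, i), pat.match(b, j)
        if mb is None:               # a numeric segment always beats an alpha one
            return 1 if numeric else -1
        sa, sb = ma.group(), mb.group()
        i, j = ma.end(), mb.end()
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):   # longer digit run (no leading zeros) is larger
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever side still has segments left is newer

def evr_cmp(x, y):
    """Compare (epoch, version, release) tuples; release only matters on equal version."""
    for px, py in zip(x, y):
        r = rpmvercmp(px, py)
        if r:
            return r
    return 0

def parse_nevra(nevra):
    """Split 'krb5-libs-1.18.2-22.el8_7.x86_64' into (name, version, release, arch).
    Assumes default `rpm -qa` output, i.e. no 'epoch:' prefix."""
    stem, arch = nevra.rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return name, version, release, arch

def assess_inventory(lines, fixed_evr=FIXED_EVR):
    """Label each krb5 package in an `rpm -qa` dump 'patched' or 'vulnerable'."""
    results = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        name, version, release, _arch = parse_nevra(line)
        if name not in KRB5_PACKAGES:
            continue
        patched = evr_cmp(("0", version, release), fixed_evr) >= 0
        results.append((line, "patched" if patched else "vulnerable"))
    return results

# Constructed sample: multilib krb5-libs still old, two packages at the fixed build,
# one at a hypothetical later build, and an unrelated package that must be ignored.
SAMPLE_RPM_QA = """\
bash-4.4.20-4.el8.x86_64
krb5-libs-1.18.2-21.el8.x86_64
krb5-libs-1.18.2-21.el8.i686
krb5-workstation-1.18.2-22.el8_7.x86_64
krb5-server-1.18.2-22.el8_7.x86_64
libkadm5-1.18.2-22.el8_10.x86_64
krb5-pkinit-1.18.2-14.el8.x86_64
"""

if __name__ == "__main__":
    for nevra, status in assess_inventory(SAMPLE_RPM_QA.splitlines()):
        print(f"{status:10s} {nevra}")
```

Feed it the output of `rpm -qa` from each host; any i686 multilib copy left behind is reported separately from its x86_64 counterpart.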
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing
Updated Packages
All four products ship the same source RPM, krb5-1.18.2-22.el8_7.src.rpm, and binary packages built from it at version 1.18.2-22.el8_7. The per-file SHA-256 checksums are published with the advisory.
Red Hat Enterprise Linux for x86_64 8 (x86_64)
- krb5-debuginfo, krb5-debugsource, krb5-devel, krb5-devel-debuginfo, krb5-libs, krb5-libs-debuginfo, krb5-pkinit, krb5-pkinit-debuginfo, krb5-server, krb5-server-debuginfo, krb5-server-ldap, krb5-server-ldap-debuginfo, krb5-workstation-debuginfo, libkadm5, libkadm5-debuginfo: i686 and x86_64 builds
- krb5-workstation: x86_64 build only
Red Hat Enterprise Linux for IBM z Systems 8 (s390x)
- krb5-debuginfo, krb5-debugsource, krb5-devel, krb5-devel-debuginfo, krb5-libs, krb5-libs-debuginfo, krb5-pkinit, krb5-pkinit-debuginfo, krb5-server, krb5-server-debuginfo, krb5-server-ldap, krb5-server-ldap-debuginfo, krb5-workstation, krb5-workstation-debuginfo, libkadm5, libkadm5-debuginfo: s390x builds
Red Hat Enterprise Linux for Power, little endian 8 (ppc64le)
- the same sixteen packages as for s390x: ppc64le builds
Red Hat Enterprise Linux for ARM 64 8 (aarch64)
- the same sixteen packages as for s390x: aarch64 builds
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.
Ubuntu Security Notice 5822-2 - USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. It was discovered that Samba incorrectly handled the bad password count logic. It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. Greg Hudson discovered that Samba incorrectly handled PAC parsing. Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets.
Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.
Ubuntu Security Notice 5800-1 - It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
Red Hat Security Advisory 2022-8669-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2022-8663-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
An update for krb5 is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
An update for krb5 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
Red Hat Security Advisory 2022-8639-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2022-8638-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2022-8640-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2022-8648-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
An update for krb5 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
An update for krb5 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.
Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).