RHSA-2022:8640: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
Synopsis
Important: krb5 security update
Type/Severity
Security Advisory: Important
Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
- krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
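Two checks an administrator will want after reading the Solution section are whether the installed krb5 build on a host is at or past the fixed build this advisory ships (1.15.1-55.el7_9), and whether RPMs downloaded for offline installation match the SHA-256 values listed below. The following POSIX shell script is an added example, not Red Hat's code: the fixed version-release comes from this advisory, while the function names, the simplified rpm-style version comparison (it assumes no epoch and no `~`/`^` release markers, which these krb5 builds do not use), and the sample inventory lines are constructed for illustration.

```shell
#!/bin/sh
# Added example for RHSA-2022:8640 (not Red Hat's code). Two post-advisory checks for a
# RHEL 7 host: is the installed krb5 build at or past the fixed build, and do downloaded
# RPMs match the SHA-256 values the advisory lists. FIXED_VR is taken from the advisory;
# the function names and sample data below are constructed.

FIXED_VR="1.15.1-55.el7_9"

# Simplified rpm-style version comparison (assumption: no epoch, no ~ or ^ handling).
# Each string is split into numeric and alphabetic runs; numeric runs compare as numbers,
# alphabetic runs as strings, a numeric run outranks an alphabetic one, and when one string
# is a prefix of the other the longer one is newer. Prints -1, 0 or 1.
vercmp() {
    awk -v a="$1" -v b="$2" '
    function split_segs(s, arr,   n) {
        n = 0
        while (length(s) > 0) {
            if (match(s, /^[0-9]+/) || match(s, /^[a-zA-Z]+/)) {
                arr[++n] = substr(s, 1, RLENGTH)
                s = substr(s, RLENGTH + 1)
            } else {
                s = substr(s, 2)            # separator such as . - _ : skip it
            }
        }
        return n
    }
    BEGIN {
        split("", A); split("", B)
        na = split_segs(a, A); nb = split_segs(b, B)
        n = (na < nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = A[i]; y = B[i]
            xn = (x ~ /^[0-9]+$/); yn = (y ~ /^[0-9]+$/)
            if (xn && yn) {
                if (x + 0 < y + 0) { print "-1"; exit }
                if (x + 0 > y + 0) { print "1"; exit }
            } else if (xn != yn) {
                print (xn ? "1" : "-1"); exit
            } else {
                if (x < y) { print "-1"; exit }
                if (x > y) { print "1"; exit }
            }
        }
        if (na < nb) print "-1"; else if (na > nb) print "1"; else print "0"
    }'
}

# "fixed" if the installed version-release is at or past the advisory build, else "vulnerable".
krb5_status() {
    if [ "$(vercmp "$1" "$FIXED_VR")" -ge 0 ]; then echo fixed; else echo vulnerable; fi
}

# Constructed sample (not real inventory) in the shape of
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' krb5-libs krb5-server krb5-workstation
SAMPLE_INVENTORY='krb5-libs 1.15.1-50.el7
krb5-server 1.15.1-55.el7_9
krb5-workstation 1.15.1-51.el7_9'

# Read "name version-release" lines on stdin and print "name fixed|vulnerable" for each.
report() {
    while read -r name vr; do
        [ -n "$name" ] || continue
        printf '%s %s\n' "$name" "$(krb5_status "$vr")"
    done
}

# Turn the advisory's package listing (a "<file>.rpm" line followed by "SHA-256: <hex>")
# into the "<hex>  <file>" lines that sha256sum -c expects.
advisory_to_sha256sum() {
    awk '/\.rpm$/ { f = $1; next } /^SHA-256: / { print $2 "  " f }'
}

# Check every RPM named in the listing against its hash inside the download directory.
# Succeeds only if all listed files are present and match.
verify_rpms() {
    ( cd "$1" && printf '%s\n' "$2" | advisory_to_sha256sum | sha256sum -c - >/dev/null )
}

# Report on the constructed sample when run directly.
printf '%s\n' "$SAMPLE_INVENTORY" | report
```

On a live host, replace the constructed sample with the real `rpm -q` output in the query format shown in the comment, and call `verify_rpms` with the download directory and the listing for the host's architecture copied from this advisory; applying the update itself is covered by the article the Solution section references.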
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing
Red Hat Enterprise Linux Server 7
SRPM
krb5-1.15.1-55.el7_9.src.rpm
SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2
x86_64
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
SHA-256: c889405e06aad2c11c9419366b136df762f6d7ca52416c3e69d6548a04f92cfe
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
SHA-256: c6d06f9d5c7b39be42cd9c3beea8f3761d57043abd988801ef018aba80a2cdb8
krb5-devel-1.15.1-55.el7_9.i686.rpm
SHA-256: 3256d400adda4c74f567c06a5db93ede4c9408db0a79c31d2f917d8045f27077
krb5-devel-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 7a1ac677f2d593adc0def98d5762191a6166254439ad86df809a55b513ceed72
krb5-libs-1.15.1-55.el7_9.i686.rpm
SHA-256: 4d3b05ace812da5683208828b28dde5f388f6d07faaf45fff92bfa13355d91f0
krb5-libs-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 9f24f38985d8c094336a347d3f7940d9668450b4be94d95c3bbb309a535339f6
krb5-pkinit-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 6d3834f9046944dffa44a26c68e8f1a6649db5d9c15bf12fb677726a8a8fe948
krb5-server-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 6705f3ec2137b8fa7520c8e83976f8853f30ea3723877b759fa283a190d84391
krb5-server-ldap-1.15.1-55.el7_9.x86_64.rpm
SHA-256: a8d2a33bcfe543267a2aa0a1d78bd1a1db5fda3678f1cbb6d344bdb26fa11309
krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 204abdce4b881842d1ae44b307f21b5c7abde6dbdff2194677d1f6374b54a958
libkadm5-1.15.1-55.el7_9.i686.rpm
SHA-256: 5f1ce269d2e061eb17ce4ea5caff264c993f4b36882344f4dfe239c46eb0d3c9
libkadm5-1.15.1-55.el7_9.x86_64.rpm
SHA-256: c3cb40540bb91114f229b8005332600bc33f4f389f363679d7381139c50b6b19
Red Hat Enterprise Linux Workstation 7
SRPM
krb5-1.15.1-55.el7_9.src.rpm
SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2
x86_64
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
SHA-256: c889405e06aad2c11c9419366b136df762f6d7ca52416c3e69d6548a04f92cfe
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
SHA-256: c6d06f9d5c7b39be42cd9c3beea8f3761d57043abd988801ef018aba80a2cdb8
krb5-devel-1.15.1-55.el7_9.i686.rpm
SHA-256: 3256d400adda4c74f567c06a5db93ede4c9408db0a79c31d2f917d8045f27077
krb5-devel-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 7a1ac677f2d593adc0def98d5762191a6166254439ad86df809a55b513ceed72
krb5-libs-1.15.1-55.el7_9.i686.rpm
SHA-256: 4d3b05ace812da5683208828b28dde5f388f6d07faaf45fff92bfa13355d91f0
krb5-libs-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 9f24f38985d8c094336a347d3f7940d9668450b4be94d95c3bbb309a535339f6
krb5-pkinit-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 6d3834f9046944dffa44a26c68e8f1a6649db5d9c15bf12fb677726a8a8fe948
krb5-server-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 6705f3ec2137b8fa7520c8e83976f8853f30ea3723877b759fa283a190d84391
krb5-server-ldap-1.15.1-55.el7_9.x86_64.rpm
SHA-256: a8d2a33bcfe543267a2aa0a1d78bd1a1db5fda3678f1cbb6d344bdb26fa11309
krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 204abdce4b881842d1ae44b307f21b5c7abde6dbdff2194677d1f6374b54a958
libkadm5-1.15.1-55.el7_9.i686.rpm
SHA-256: 5f1ce269d2e061eb17ce4ea5caff264c993f4b36882344f4dfe239c46eb0d3c9
libkadm5-1.15.1-55.el7_9.x86_64.rpm
SHA-256: c3cb40540bb91114f229b8005332600bc33f4f389f363679d7381139c50b6b19
Red Hat Enterprise Linux Desktop 7
SRPM
krb5-1.15.1-55.el7_9.src.rpm
SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2
x86_64
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
SHA-256: c889405e06aad2c11c9419366b136df762f6d7ca52416c3e69d6548a04f92cfe
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
SHA-256: c6d06f9d5c7b39be42cd9c3beea8f3761d57043abd988801ef018aba80a2cdb8
krb5-devel-1.15.1-55.el7_9.i686.rpm
SHA-256: 3256d400adda4c74f567c06a5db93ede4c9408db0a79c31d2f917d8045f27077
krb5-devel-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 7a1ac677f2d593adc0def98d5762191a6166254439ad86df809a55b513ceed72
krb5-libs-1.15.1-55.el7_9.i686.rpm
SHA-256: 4d3b05ace812da5683208828b28dde5f388f6d07faaf45fff92bfa13355d91f0
krb5-libs-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 9f24f38985d8c094336a347d3f7940d9668450b4be94d95c3bbb309a535339f6
krb5-pkinit-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 6d3834f9046944dffa44a26c68e8f1a6649db5d9c15bf12fb677726a8a8fe948
krb5-server-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 6705f3ec2137b8fa7520c8e83976f8853f30ea3723877b759fa283a190d84391
krb5-server-ldap-1.15.1-55.el7_9.x86_64.rpm
SHA-256: a8d2a33bcfe543267a2aa0a1d78bd1a1db5fda3678f1cbb6d344bdb26fa11309
krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 204abdce4b881842d1ae44b307f21b5c7abde6dbdff2194677d1f6374b54a958
libkadm5-1.15.1-55.el7_9.i686.rpm
SHA-256: 5f1ce269d2e061eb17ce4ea5caff264c993f4b36882344f4dfe239c46eb0d3c9
libkadm5-1.15.1-55.el7_9.x86_64.rpm
SHA-256: c3cb40540bb91114f229b8005332600bc33f4f389f363679d7381139c50b6b19
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
krb5-1.15.1-55.el7_9.src.rpm
SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2
s390x
krb5-debuginfo-1.15.1-55.el7_9.s390.rpm
SHA-256: 7b92dfcde74bfc8a6cc2195e599eeafd6c5f4f2d0f2079f5834a1ba7cc6dc19f
krb5-debuginfo-1.15.1-55.el7_9.s390x.rpm
SHA-256: e8d2632a716f9937d73ad456c72a83dd62a77146f2e4ec7f6875655ea5bc1816
krb5-devel-1.15.1-55.el7_9.s390.rpm
SHA-256: 2f10c7fbca34fb6c5b127f8c3cd945f96cb589e8b82f1ef5f7d64d512b5b9971
krb5-devel-1.15.1-55.el7_9.s390x.rpm
SHA-256: 0f40e44b641d76c6ab7fb05757b5e8fa300622b11e6d1a200d80bab8e197498b
krb5-libs-1.15.1-55.el7_9.s390.rpm
SHA-256: afcd6355eb1ec1920529323ab3ed38391bcd58e832b6f69b08f2e70bfba7b726
krb5-libs-1.15.1-55.el7_9.s390x.rpm
SHA-256: 915e3d0861753a19a5d73e1be6d78457500e5e57947f09d25cdd5621942d2321
krb5-pkinit-1.15.1-55.el7_9.s390x.rpm
SHA-256: 63dbb897426b63e714112135516ea4e98872533ea92ed84e00003c4465e0d7a1
krb5-server-1.15.1-55.el7_9.s390x.rpm
SHA-256: 96566da10a7e298bff95e777e55ddacf85ee48a93b57ef0a30ee89f2805b3bae
krb5-server-ldap-1.15.1-55.el7_9.s390x.rpm
SHA-256: d822ae0dcb43eb7509d77e5a440163cbfb2996d4139582c33d25653e0d778c3b
krb5-workstation-1.15.1-55.el7_9.s390x.rpm
SHA-256: 56a9866ae48f60d68d3ae5ad57bfa03d9eb69259f465f1835200ee4839d3efe3
libkadm5-1.15.1-55.el7_9.s390.rpm
SHA-256: c2b7a93076e14dd0e9b5d1bcd3a5428d7ce2c69485982ad0dbe6313b7cf13f16
libkadm5-1.15.1-55.el7_9.s390x.rpm
SHA-256: 00822c7baa24f602f1243397bd36396781ae449c464124fd039f842eb9c2eed2
Red Hat Enterprise Linux for Power, big endian 7
SRPM
krb5-1.15.1-55.el7_9.src.rpm
SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2
ppc64
krb5-debuginfo-1.15.1-55.el7_9.ppc.rpm
SHA-256: a183ee385d776ef34f572f43ddde4a0756648c5c7b890abffdcd5908ca989a2d
krb5-debuginfo-1.15.1-55.el7_9.ppc64.rpm
SHA-256: 6cdd9feda2b9567bf0ca0f0c2af7589bba531d8632de569af5ea1b4cbeeba677
krb5-devel-1.15.1-55.el7_9.ppc.rpm
SHA-256: 2df4b7c6e43e596f810fbf650ed678bde1a944bd79758c827fcd767f35e77c3f
krb5-devel-1.15.1-55.el7_9.ppc64.rpm
SHA-256: 62fb7b90c7c980225660404661c558decf00f0129ef4d0e462f49808565bb9a8
krb5-libs-1.15.1-55.el7_9.ppc.rpm
SHA-256: 792dab7c56ceb02618b22da40532d8d5596baa3e85c031e8a4fecc854772a9fa
krb5-libs-1.15.1-55.el7_9.ppc64.rpm
SHA-256: c14909016cac2e47e9c3fd238d7771b40c3d3c75a56ab79531016f590e8e45d6
krb5-pkinit-1.15.1-55.el7_9.ppc64.rpm
SHA-256: 6d51992588a0f5140966296eff00afdf1dd2b3a0256b601938c8d8f9e64c181d
krb5-server-1.15.1-55.el7_9.ppc64.rpm
SHA-256: e8cc49e8246ee72589f482fa0a151234b48f5be9e93818476a0a6104401e3297
krb5-server-ldap-1.15.1-55.el7_9.ppc64.rpm
SHA-256: bc413c37e1ab71ec53a7a06890fbe225d67ae0e33c3c9054da639b3f999c6901
krb5-workstation-1.15.1-55.el7_9.ppc64.rpm
SHA-256: fab5c81a5ec347f6f1f93c7902ac5a8137b98f577005ffc3c488fbbb4f5fa15d
libkadm5-1.15.1-55.el7_9.ppc.rpm
SHA-256: 92a3296dce38058499fbc6e2c3a649b296e1557371997ddf12373c76229884e4
libkadm5-1.15.1-55.el7_9.ppc64.rpm
SHA-256: 19999636db18e2ac2d53fe94f3f472e52c2a499a285639cb6451756fd2c54ad2
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
krb5-1.15.1-55.el7_9.src.rpm
SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2
x86_64
krb5-debuginfo-1.15.1-55.el7_9.i686.rpm
SHA-256: c889405e06aad2c11c9419366b136df762f6d7ca52416c3e69d6548a04f92cfe
krb5-debuginfo-1.15.1-55.el7_9.x86_64.rpm
SHA-256: c6d06f9d5c7b39be42cd9c3beea8f3761d57043abd988801ef018aba80a2cdb8
krb5-devel-1.15.1-55.el7_9.i686.rpm
SHA-256: 3256d400adda4c74f567c06a5db93ede4c9408db0a79c31d2f917d8045f27077
krb5-devel-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 7a1ac677f2d593adc0def98d5762191a6166254439ad86df809a55b513ceed72
krb5-libs-1.15.1-55.el7_9.i686.rpm
SHA-256: 4d3b05ace812da5683208828b28dde5f388f6d07faaf45fff92bfa13355d91f0
krb5-libs-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 9f24f38985d8c094336a347d3f7940d9668450b4be94d95c3bbb309a535339f6
krb5-pkinit-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 6d3834f9046944dffa44a26c68e8f1a6649db5d9c15bf12fb677726a8a8fe948
krb5-server-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 6705f3ec2137b8fa7520c8e83976f8853f30ea3723877b759fa283a190d84391
krb5-server-ldap-1.15.1-55.el7_9.x86_64.rpm
SHA-256: a8d2a33bcfe543267a2aa0a1d78bd1a1db5fda3678f1cbb6d344bdb26fa11309
krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
SHA-256: 204abdce4b881842d1ae44b307f21b5c7abde6dbdff2194677d1f6374b54a958
libkadm5-1.15.1-55.el7_9.i686.rpm
SHA-256: 5f1ce269d2e061eb17ce4ea5caff264c993f4b36882344f4dfe239c46eb0d3c9
libkadm5-1.15.1-55.el7_9.x86_64.rpm
SHA-256: c3cb40540bb91114f229b8005332600bc33f4f389f363679d7381139c50b6b19
Red Hat Enterprise Linux for Power, little endian 7
SRPM
krb5-1.15.1-55.el7_9.src.rpm
SHA-256: a9d5cc897018aed97002cbb460073bfd0546b2960e5809eb7995a12c72955fa2
ppc64le
krb5-debuginfo-1.15.1-55.el7_9.ppc64le.rpm
SHA-256: de5a1de3cf9fed5d2dfefb0845bee17db2f92171f128c5392eb92f0f07d9b4bf
krb5-devel-1.15.1-55.el7_9.ppc64le.rpm
SHA-256: f69b9c7e8a0927f67cef25288d9e35d5fc9add8cd8a604a6201f9c175169f13a
krb5-libs-1.15.1-55.el7_9.ppc64le.rpm
SHA-256: 1ff0f7b0e13219bc5c665373898aad5cd014c0216896b2037050eae312d09afa
krb5-pkinit-1.15.1-55.el7_9.ppc64le.rpm
SHA-256: a6352d2b76d66f604f1f91b0f1557cb3039fc97ca6faf2ecf673d387953ab253
krb5-server-1.15.1-55.el7_9.ppc64le.rpm
SHA-256: ec2fb69783e2cfea019392bddec68f0de6d63140b433762ee860fd696473f339
krb5-server-ldap-1.15.1-55.el7_9.ppc64le.rpm
SHA-256: cb7bfcc44c7cf267a07db3da6a1dd8185a0b9ac0fc6ac111ba9ef7e1bc55dd05
krb5-workstation-1.15.1-55.el7_9.ppc64le.rpm
SHA-256: df4558b15d70d8a279cc7706b8c102d65d48462c9175be528a994169e5f5701e
libkadm5-1.15.1-55.el7_9.ppc64le.rpm
SHA-256: f6ff9e9c64492e65c1a9a72a20a2cc98e7362807771129117d3231e9a5971488