[SECURITY] [DLA 2437-1] krb5 security update

ID DEBIAN:DLA-2437-1:334D0
Type debian
Reporter Debian
Modified 2020-11-07T12:38:26


Debian LTS Advisory DLA-2437-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb November 07, 2020 https://wiki.debian.org/LTS

Package : krb5 Version : 1.15-1+deb9u2 CVE ID : CVE-2020-28196 Debian Bug : #973880

It was discovered that there was a denial of service vulnerability in the MIT Kerberos network authentication system, krb5. The lack of a limit in the ASN.1 decoder could lead to infinite recursion and allow an attacker to overrun the stack and cause the process to crash.

For Debian 9 "Stretch", this problem has been fixed in version 1.15-1+deb9u2.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/krb5

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS