[SECURITY] [DSA 5286-1] krb5 security update

2022-11-1913:31:00

lists.debian.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Debian Security Advisory DSA-5286-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
November 19, 2022 https://www.debian.org/security/faq

Package : krb5
CVE ID : CVE-2022-42898
Debian Bug : 1024267

Greg Hudson discovered integer overflow flaws in the PAC parsing in
krb5, the MIT implementation of Kerberos, which may result in remote
code execution (in a KDC, kadmin, or GSS or Kerberos application server
process), information exposure (to a cross-realm KDC acting
maliciously), or denial of service (KDC or kadmind process crash).

For the stable distribution (bullseye), this problem has been fixed in
version 1.18.3-6+deb11u3.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/krb5

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10armhflibkrb5-dbg< 1.17-3+deb10u5libkrb5-dbg_1.17-3+deb10u5_armhf.deb
Debian11i386libotp0-heimdal< 7.7.0+dfsg-2+deb11u2libotp0-heimdal_7.7.0+dfsg-2+deb11u2_i386.deb
Debian11mips64ellibkrb5-26-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u2libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_mips64el.deb
Debian11mips64elkrb5-admin-server< 1.18.3-6+deb11u3krb5-admin-server_1.18.3-6+deb11u3_mips64el.deb
Debian11ppc64ellibkrb5-26-heimdal< 7.7.0+dfsg-2+deb11u2libkrb5-26-heimdal_7.7.0+dfsg-2+deb11u2_ppc64el.deb
Debian11ppc64ellibheimbase1-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u2libheimbase1-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_ppc64el.deb
Debian11amd64krb5-kdc-ldap< 1.18.3-6+deb11u3krb5-kdc-ldap_1.18.3-6+deb11u3_amd64.deb
Debian10armhfkrb5-user< 1.17-3+deb10u5krb5-user_1.17-3+deb10u5_armhf.deb
Debian11arm64libkrb5-26-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u2libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_arm64.deb
Debian10amd64libkdb5-9< 1.17-3+deb10u5libkdb5-9_1.17-3+deb10u5_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	armhf	libkrb5-dbg	< 1.17-3+deb10u5	libkrb5-dbg_1.17-3+deb10u5_armhf.deb
Debian	11	i386	libotp0-heimdal	< 7.7.0+dfsg-2+deb11u2	libotp0-heimdal_7.7.0+dfsg-2+deb11u2_i386.deb
Debian	11	mips64el	libkrb5-26-heimdal-dbgsym	< 7.7.0+dfsg-2+deb11u2	libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_mips64el.deb
Debian	11	mips64el	krb5-admin-server	< 1.18.3-6+deb11u3	krb5-admin-server_1.18.3-6+deb11u3_mips64el.deb
Debian	11	ppc64el	libkrb5-26-heimdal	< 7.7.0+dfsg-2+deb11u2	libkrb5-26-heimdal_7.7.0+dfsg-2+deb11u2_ppc64el.deb
Debian	11	ppc64el	libheimbase1-heimdal-dbgsym	< 7.7.0+dfsg-2+deb11u2	libheimbase1-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_ppc64el.deb
Debian	11	amd64	krb5-kdc-ldap	< 1.18.3-6+deb11u3	krb5-kdc-ldap_1.18.3-6+deb11u3_amd64.deb
Debian	10	armhf	krb5-user	< 1.17-3+deb10u5	krb5-user_1.17-3+deb10u5_armhf.deb
Debian	11	arm64	libkrb5-26-heimdal-dbgsym	< 7.7.0+dfsg-2+deb11u2	libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u2_arm64.deb
Debian	10	amd64	libkdb5-9	< 1.17-3+deb10u5	libkdb5-9_1.17-3+deb10u5_amd64.deb