Lucene search
OracleLinuxELSA-2023-2570HistoryMay 15, 2023 - 12:00 a.m.
krb5 security, bug fix, and enhancement update
2023-05-1500:00:00
linux.oracle.com
11
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.022 Low
EPSS
Percentile
88.1%
[1.20.1-8.0.1]
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
[1.20.1-8] - Fix datetime parsing in kadmin on s390x
- Resolves: rhbz#2169985
[1.20.1-7] - Fix double free on kdb5_util key creation failure
- Resolves: rhbz#2166603
[1.20.1-6] - Add support for MS-PAC extended KDC signature (CVE-2022-37967)
- Resolves: rhbz#2165827
[1.20.1-5] - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
- Resolves: rhbz#2162461
[1.20.1-4] - Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf
- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf
- Resolves: rhbz#2068535
[1.20.1-2] - Strip debugging data from ksu executable file
- Resolves: rhbz#2159643
[1.20.1-1] - Make tests compatible with sssd-client
- Resolves: rhbz#2151513
- Remove invalid password expiry warning
- Resolves: rhbz#2121099
- Update error checking for OpenSSL CMS_verify
- Resolves: rhbz#2063838
- New upstream version (1.20.1)
- Resolves: rhbz#2016312
- Fix integer overflows in PAC parsing (CVE-2022-42898)
- Resolves: rhbz#2140971
[1.19.1-23] - Fix kprop for propagating dump files larger than 4GB
- Resolves: rhbz#2133014
[1.19.1-22] - Restore ‘supportedCMSTypes’ attribute in PKINIT preauth requests
- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms
- Resolves: rhbz#2068935
[1.19.1-21] - Fix libkrad client cleanup
- Allow use of larger RADIUS attributes in krad library
- Resolves: rhbz#2100351
[1.19.1-20] - Fix OpenSSL 3 MD5 encyption in FIPS mode
- Allow libkrad UDP/TCP connection to localhost in FIPS mode
- Resolves: rhbz#2068458
[1.19.1-19] - Use p11-kit as default PKCS11 module
- Resolves: rhbz#2030981
[1.19.1-18] - Try harder to avoid password change replay errors
- Resolves: rhbz#2075186
[1.19.1-15] - Use SHA-256 instead of SHA-1 for PKINIT CMS digest
[1.19.1-14] - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
[1.19.1-13] - Remove -specs= from krb5-config output
- Resolves #1997021
[1.19.1-12] - Fix KDC null deref on TGS inner body null server (CVE-2021-37750)
- Resolves: #1997602
[1.19.1-11.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
[1.19.1-11] - Fix KDC null deref on bad encrypted challenge (CVE-2021-36222)
- Resolves: #1983733
[1.19.1-10] - Update OpenSSL 3 provider handling to clean up properly
- Resolves: #1955873
[1.19.1-9] - Sync openssl3 patches with upstream
- Resolves: #1955873
[1.19.1-8] - Rebuild for rpminspect and mass rebuild cleanup; no code changes
- Resolves: #1967505
[1.19.1-7] - Fix several fallback canonicalization problems
- Resolves: #1967505
[1.19.1-6.1] - Rebuilt for RHEL 9 BETA for openssl 3.0
- Resolves: rhbz#1971065
[1.19.1-6] - Backport KCM retrieval fixes
- Resolves: #1956403
[1.19.1-5] - Fix DES3 mention in KDFs
- Resolves: #1955873
[1.19.1-4] - Port to OpenSSL 3 (alpha 15)
- Resolves: #1955873
[1.19.1-3.1] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 9 | src | krb5 | < 1.20.1-8.0.1.el9 | krb5-1.20.1-8.0.1.el9.src.rpm |
| oracle linux | 9 | aarch64 | krb5-devel | < 1.20.1-8.0.1.el9 | krb5-devel-1.20.1-8.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | krb5-libs | < 1.20.1-8.0.1.el9 | krb5-libs-1.20.1-8.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | krb5-pkinit | < 1.20.1-8.0.1.el9 | krb5-pkinit-1.20.1-8.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | krb5-server | < 1.20.1-8.0.1.el9 | krb5-server-1.20.1-8.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | krb5-server-ldap | < 1.20.1-8.0.1.el9 | krb5-server-ldap-1.20.1-8.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | krb5-workstation | < 1.20.1-8.0.1.el9 | krb5-workstation-1.20.1-8.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | libkadm5 | < 1.20.1-8.0.1.el9 | libkadm5-1.20.1-8.0.1.el9.aarch64.rpm |
| oracle linux | 9 | src | krb5 | < 1.20.1-8.0.1.el9 | krb5-1.20.1-8.0.1.el9.src.rpm |
| oracle linux | 9 | i686 | krb5-devel | < 1.20.1-8.0.1.el9 | krb5-devel-1.20.1-8.0.1.el9.i686.rpm |
Related
osv
osv
Moderate: krb5 security, bug fix, and enhancement update
2023-05-09 00:00:00
CVE-2020-17049
2020-11-11 07:15:16
Moderate: idm:DL1 security update
2024-01-10 00:00:00
mskb
mskb
July 13, 2021 Public preview security update (KB5004243)
2021-06-02 00:00:00
June 8, 2021 Public preview security update (KB5003645)
2021-05-05 00:00:00
March 9, 2021—KB5000856 (Security-only update)
2021-03-09 08:00:00
prion
prion
Security feature bypass
2020-11-11 07:15:00
redhat
redhat
(RHSA-2023:2570) Moderate: krb5 security, bug fix, and enhancement update
2023-05-09 05:14:28
(RHSA-2024:0143) Moderate: idm:DL1 security update
2024-01-10 12:30:55
(RHSA-2024:0252) Moderate: krb5 security update
2024-01-15 15:25:49
cbl_mariner
cbl_mariner
CVE-2020-17049 affecting package samba 4.12.5-6
2024-04-28 21:08:36
nessus
nessus
RHEL 9 : krb5 (RHSA-2023:2570)
2023-05-11 00:00:00
Oracle Linux 9 : krb5 (ELSA-2023-2570)
2023-05-15 00:00:00
AlmaLinux 9 : krb5 (ALSA-2023:2570)
2023-05-14 00:00:00
attackerkb
attackerkb
CVE-2020-17049
2020-11-11 00:00:00
openvas
openvas
Samba Security Feature Bypass Vulnerability (CVE-2020-17049)
2021-10-28 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4592468)
2020-12-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4592484)
2020-12-09 00:00:00
almalinux
almalinux
Moderate: krb5 security, bug fix, and enhancement update
2023-05-09 00:00:00
Moderate: idm:DL1 security update
2024-01-10 00:00:00
cve
cve
CVE-2020-17049
2020-11-11 07:15:00
msrc
msrc
Kerberos KDC の脆弱性 (CVE-2020-17049) に対応するためのガイダンス
2020-11-19 08:00:00
mscve
mscve
Kerberos KDC Security Feature Bypass Vulnerability
2020-11-10 08:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.14.9-alt1
2021-11-01 00:00:00
redhatcve
redhatcve
CVE-2020-17049
2021-11-22 20:20:39
rocky
rocky
idm:DL1 security update
2024-01-12 19:57:42
oraclelinux
oraclelinux
idm:DL1 security update
2024-01-12 00:00:00
amazon
amazon
Important: samba
2022-12-01 17:33:00
suse
suse
Security update for samba and ldb (important)
2021-11-10 00:00:00
kaspersky
kaspersky
KLA12003 Multiple vulnerabilities in Microsoft Products (ESU)
2020-11-10 00:00:00
KLA12004 Multiple vulnerabilities in Microsoft Windows
2020-11-10 00:00:00
gentoo
gentoo
Samba: Multiple Vulnerabilities
2023-09-17 00:00:00
avleonov
avleonov
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.022 Low
EPSS
Percentile
88.1%
Related for ELSA-2023-2570