[slackware-security] bind

New bind packages are available for Slackware 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.16.44-i586-1slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Limit the amount of recursion that can be...

SUSE CVE-2020-11647

In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion...

krb5 security update

1.15.1-55.0.1 - Add recursion limit for ASN.1 indefinite lengths Orabug: 32582360 1.15.1-55 - Fix integer overflows in PAC parsing CVE-2022-42898 - Resolves: rhbz2140961...

NewStart CGSL MAIN 6.02 : krb5 Vulnerability (NS-SA-2022-0057)

The remote NewStart CGSL host, running version MAIN 6.02, has krb5 packages installed that are affected by a vulnerability: - MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c...

CVE-2022-27943

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangleconst, as demonstrated by nm-new...

krb5 security update

1.15.1-51.0.1 - Add recursion limit for ASN.1 indefinite lengths Orabug: 32582360 1.15.1-51 - Fix KDC null deref on TGS inner body null server CVE-2021-37750 - Resolves: 1997599...

OESA-2021-1285 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash...

EulerOS Virtualization 3.0.2.2 : krb5 (EulerOS-SA-2021-2141)

According to the version of the krb5 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because...

Oracle Linux 8 : krb5 (ELSA-2021-1593)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1593 advisory. - Add recursion limit for ASN.1 indefinite lengths CVE-2020-28196 Tenable has extracted the preceding description block directly from the Oracle Linux security...

krb5 security update

1.18.2-8 - Add recursion limit for ASN.1 indefinite lengths CVE-2020-28196 - Resolves: 1906492 1.18.2-7 - Document -k option in kvno1 synopsis - Resolves: 1869055 1.18.2-6 - Enable MD5 override for FIPS RADIUS - Resolves: 1872689 1.18.2-5.2 - Unify kvno option documentation - Resolves: 1869055...

CVE-2021-28903

A stack overflow in libyang = v1.0.225 can cause a denial of service through function lyxmlparsemem. lyxmlparseelem function will be called recursively, which will consume stack space and lead to crash...

SUSE: Security Advisory (SUSE-SU-2016:1204-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2021-1605)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.0 : krb5 (EulerOS-SA-2021-1641)

According to the version of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message becaus...

EulerOS Virtualization for ARM 64 3.0.2.0 : krb5 (EulerOS-SA-2021-1403)

According to the versions of the krb5 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Kerberos is a network authentication system. The krb5-server package contains the programs that must be installed on a...

EulerOS Virtualization 3.0.6.6 : krb5 (EulerOS-SA-2021-1487)

According to the version of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message becaus...

EulerOS Virtualization 3.0.2.6 : krb5 (EulerOS-SA-2021-1414)

According to the version of the krb5 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because...

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2021-1414)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.6.0 : krb5 (EulerOS-SA-2021-1544)

According to the version of the krb5 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos...

EulerOS 2.0 SP8 : krb5 (EulerOS-SA-2021-1149)

According to the version of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the...