ALSA-2023:0173 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflows with XMLPARSEHUGE CVE-2022-40303 libxml2: dict corruption caused by entity reference cycles CVE-2022-40304 For more details about the security issues,...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNOME libxml2 (CVE-2022-29824)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNOME libxml2, caused by an integer overflows in several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer CVE-2022-29824. GNOME libxml2 is used as part of the base image...

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2023-1136)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : samba (EulerOS-SA-2023-1112)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC...

EulerOS 2.0 SP9 : samba (EulerOS-SA-2023-1136)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC...

CVE-2022-42898

PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow, and cause a denial of service ...

CVE-2022-42898

CVE-2022-42898 concerns integer overflow in PAC parsing within MIT Kerberos 5 (krb5) via the krb5_pac_parse function in lib/krb5/krb/pac.c. Affected: krb5 before 1.19.4 and 1.20.x before 1.20.1; 32-bit platforms may trigger remote code execution in KDC, kadmind, or a GSS/Kerberos application serv...

CVE-2022-42898

PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow, and cause a denial of service ...

CVE-2022-42898

PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow, and cause a denial of service ...

CVE-2022-42898

PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow, and cause a denial of service ...

NewStart CGSL MAIN 6.02 : libxml2 Multiple Vulnerabilities (NS-SA-2022-0104)

The remote NewStart CGSL host, running version MAIN 6.02, has libxml2 packages installed that are affected by multiple vulnerabilities: - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 - In libxml2 before 2.9.14, several buffer handling functions ...

CVE-2022-20483

In several functions that parse avrc response in avrcparsct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

krb5: Fix of CVE-2022-42898

CVE-2022-42898: Fix integer overflows in PAC parsing - A test-suite was activated...

CLSA-2022-1670874138 krb5: Fix of CVE-2022-42898

CVE-2022-42898: Fix integer overflows in PAC parsing - A test-suite was activated...

CLSA-2022-1670873922 krb5: Fix of CVE-2022-42898

CVE-2022-42898: Fix integer overflows in PAC parsing - A test-suite was enabled...

CLSA-2022-1670523403 libxml2: Fix of 2 CVEs

CVE-2022-40303: fix integer overflows with XMLPARSEHUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...

libxml2: Fix of 2 CVEs

CVE-2022-40303: fix integer overflows with XMLPARSEHUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...

Rocky Linux 8 : krb5 (RLSA-2022:8638)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8638 advisory. - PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or ...

ASB-A-242459126

In several functions that parse avrc response in avrcparsct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

krb5 security update

1.19.1-24.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.19.1-24 - Fix integer overflows in PAC parsing CVE-2022-42898 - Resolves: rhbz2140970...