3104 matches found

Oracle linux
added 2022/11/29 12:0 a.m. · 306 views

krb5 security update

1.15.1-55.0.1 - Add recursion limit for ASN.1 indefinite lengths Orabug: 32582360 1.15.1-55 - Fix integer overflows in PAC parsing CVE-2022-42898 - Resolves: rhbz2140961...

CVSS 8.8 · AI score 4 · EPSS 0.10832 · Exploits 1

Oracle linux
added 2022/11/28 12:0 a.m. · 35 views

krb5 security update

1.18.2-22.0.1 - Fixed race condition in krb5_set_password Orabug: 33609767 1. - Fix integer overflows in PAC parsing CVE-2022-42898 - Resolves: rhbz2140967...

CVSS 8.8 · AI score 4.3 · EPSS 0.10832 · Exploits 1

Veracode
added 2022/11/25 6:39 a.m. · 22 views

Denial Of Service (DoS)

libexiv2.so is vulnerable to denial of service. The vulnerability exists in the CiffDirectory::readDirectory function of crwimage_int.cpp due to integer overflows, which allow an attacker to cause an application crash by providing malicious input...

CVSS 6.5 · AI score 6.4 · EPSS 0.01379 · Exploits 1 · References 11 · Affected Software 2

ALT Linux
added 2022/11/24 12:0 a.m. · 66 views

Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt4

1.17.2-alt4 built Nov. 24, 2022 Ivan A. Melnikov in task 310094 Nov. 16, 2022 Ivan A. Melnikov - Backports from 1.19.4: + fix integer overflows in PAC parsing Fixes: CVE-2022-42898; + fix some memory leaks...

AI score 9.2 · EPSS 0.10832 · Exploits 1

Tenable Nessus
added 2022/11/23 12:0 a.m. · 32 views

SUSE SLED15 / SLES15 Security Update : krb5 (SUSE-SU-2022:4167-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4167-1 advisory. - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to...

CVSS 8.8 · AI score 7.5 · EPSS 0.10832 · Exploits 1 · References 4

ALT Linux
added 2022/11/22 12:0 a.m. · 64 views

Security fix for the ALT Linux 10 package samba version 4.16.7-alt1

Nov. 22, 2022 Evgeny Sinelnikov 4.16.7-alt1 - Update to maintenance release of Samba 4.16 Samba15203 - Security fixes: + CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PA...

AI score 9.1 · EPSS 0.10832 · Exploits 1

Tenable Nessus
added 2022/11/22 12:0 a.m. · 32 views

SUSE SLES15 Security Update : krb5 (SUSE-SU-2022:4154-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4154-1 advisory. - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference ...

CVSS 8.8 · AI score 7.6 · EPSS 0.10832 · Exploits 1 · References 7

Veracode
added 2022/11/21 3:6 p.m. · 36 views

Denial Of Service (DoS)

samba is vulnerable to denial of service (DoS) attacks. The library fails to guard against integer overflows when parsing a PAC on a 32-bit system, which allows an attacker with a forged PAC to corrupt the heap...

CVSS 8.8 · AI score 8.4 · EPSS 0.10832 · Exploits 1 · References 12 · Affected Software 4

Slackware Linux
added 2022/11/17 1:59 a.m. · 35 views

[slackware-security] krb5

New krb5 packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/krb5-1.19.2-i586-3slack15.0.txz: Rebuilt. Fixed integer overflows in PAC parsing. Fixed memory leak in OTP kdcpreauth module. Fixed...

CVSS 8.8 · AI score 0.6 · EPSS 0.10832 · Exploits 1

OpenVAS
added 2022/11/17 12:0 a.m. · 11 views

Slackware: Security Advisory (SSA:2022-320-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 9.2 · EPSS 0.10832 · Exploits 1 · References 3

OpenVAS
added 2022/11/16 12:0 a.m. · 24 views

Samba Buffer Overflow Vulnerability (CVE-2022-42898)

Samba is prone to a buffer overflow vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 · AI score 9.3 · EPSS 0.10832 · Exploits 1 · References 1

Positive Technologies
added 2022/11/15 12:0 a.m. · 2 views

PT-2022-5570 · Mit +13 · Mit Kerberos 5 +12

Name of the Vulnerable Software and Affected Versions:
MIT Kerberos 5 versions prior to 1.19.4 and 1.20.x prior to 1.20.1
Heimdal versions prior to 7.7.1
Samba versions prior to 4.15.12, 4.16.7, and 4.17.3
Description: The issue is related to integer overflows in the PAC parsing in MIT Kerberos 5...

CVSS 9.8 · AI score 7.8 · EPSS 0.94006 · Exploits 13 · References 309

OSV
added 2022/11/14 7:18 p.m. · 9 views

GSD-2022-1007254 crypto: marvell/octeontx - prevent integer overflows

crypto: marvell/octeontx - prevent integer overflows This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.150 by commit...

AI score 7.2 · Exploits 0

OSV
added 2022/11/14 7:0 p.m. · 8 views

GSD-2022-1007050 crypto: marvell/octeontx - prevent integer overflows

crypto: marvell/octeontx - prevent integer overflows This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...

AI score 7.2 · Exploits 0

OSV
added 2022/11/14 6:38 p.m. · 10 views

GSD-2022-1006785 crypto: marvell/octeontx - prevent integer overflows

crypto: marvell/octeontx - prevent integer overflows This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

AI score 7.2 · Exploits 0

OSV
added 2022/11/11 11:4 a.m. · 1 views

OESA-2022-2057 expat security update

This package provides static libraries and header files for developing with expat. Security Fixes: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235) xmlparse.c in Exp...

CVSS 9.8 · AI score 8.9 · EPSS 0.11027 · Exploits 1 · References 6

OpenVAS
added 2022/11/09 12:0 a.m. · 24 views

Mageia: Security Advisory (MGASA-2022-0412)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.6 · EPSS 0.0023 · Exploits 2 · References 7

Mageia
added 2022/11/08 7:44 p.m. · 75 views

Updated libxml2 packages fix security vulnerability

Integer overflows with XML_PARSE_HUGE (CVE-2022-40303). Dict corruption caused by entity reference cycles (CVE-2022-40304)...

CVSS 7.8 · AI score 2.8 · EPSS 0.0023 · Exploits 2 · References 5

OSV
added 2022/11/08 7:44 p.m. · 6 views

MGASA-2022-0412 Updated libxml2 packages fix security vulnerability

Integer overflows with XML_PARSE_HUGE (CVE-2022-40303). Dict corruption caused by entity reference cycles (CVE-2022-40304)...

CVSS 7.8 · AI score 8 · EPSS 0.0023 · Exploits 2 · References 6

OpenVAS
added 2022/11/07 12:0 a.m. · 27 views

SUSE: Security Advisory (SUSE-SU-2022:3871-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.3 · EPSS 0.0023 · Exploits 3 · References 6