[ubuntu/bionic-security] krb5 1.16-2ubuntu0.3 (Accepted)
Rodrigo Figueiredo Zaiden
rodrigo.zaiden at canonical.com
Wed Jan 25 19:09:33 UTC 2023
krb5 (1.16-2ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-42898.patch: add buffer length checks in
      krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for
      invalid buffers in src/lib/krb5/krb/t_pac.c.
    - CVE-2022-42898
  * SECURITY UPDATE: DoS (crash) the KDC by making an S4U2Self request
    - debian/patches/CVE-2018-20217-1.patch: Ignore password attributes for
      S4U2Self requests.
    - debian/patches/CVE-2018-20217-2.patch: remove incorrect KDC assertion.
    - CVE-2018-20217

Date: 2023-01-23 23:07:13.423308+00:00
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.3