update: mit-krb5 #1159

dongsupark · 2023-08-11T12:21:37Z

Name: mit-krb5
CVEs: CVE-2023-36054
CVSSs: 6.5
Action Needed: update to >= 1.20.2 or >= 1.21.1

Summary: lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

See also https://bugzilla.redhat.com/show_bug.cgi?id=2230178.

refmap.gentoo: TBD

dongsupark added security security concerns advisory security advisory labels Aug 11, 2023

github-project-automation bot added this to Flatcar tactical, release planning, and roadmap Aug 11, 2023

github-project-automation bot moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap Aug 11, 2023

dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Aug 11, 2023

dongsupark added the cvss/MEDIUM >= 4 && < 7 assessed CVSS label Aug 28, 2023

krnowak mentioned this issue Sep 28, 2023

Weekly portage-stable package updates 2023-09-25 flatcar/scripts#1177

Merged

2 tasks

krnowak closed this as completed in flatcar/scripts#1177 Sep 28, 2023

github-project-automation bot moved this from 🪵Backlog to Implemented in Flatcar tactical, release planning, and roadmap Sep 28, 2023

github-actions bot mentioned this issue Nov 9, 2023

Monthly contributions report 2023-09-22 - 2023-10-21 #1244

Closed

dongsupark removed this from Flatcar tactical, release planning, and roadmap Feb 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update: mit-krb5 #1159

update: mit-krb5 #1159

dongsupark commented Aug 11, 2023 •

edited

Loading

update: mit-krb5 #1159

update: mit-krb5 #1159

Comments

dongsupark commented Aug 11, 2023 • edited Loading

dongsupark commented Aug 11, 2023 •

edited

Loading