Lucene search
AmazonALAS2-2023-1915HistoryJan 18, 2023 - 12:17 a.m.
Important: krb5
2023-01-1800:17:00
alas.aws.amazon.com
50
krb5
integer overflow
pac parsing
cve-2022-42898
update.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.3%
Issue Overview:
Integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)
Affected Packages:
krb5
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update krb5 to update your system.
New Packages:
aarch64:
krb5-devel-1.15.1-55.amzn2.2.5.aarch64
krb5-libs-1.15.1-55.amzn2.2.5.aarch64
krb5-server-1.15.1-55.amzn2.2.5.aarch64
krb5-server-ldap-1.15.1-55.amzn2.2.5.aarch64
krb5-workstation-1.15.1-55.amzn2.2.5.aarch64
krb5-pkinit-1.15.1-55.amzn2.2.5.aarch64
libkadm5-1.15.1-55.amzn2.2.5.aarch64
krb5-debuginfo-1.15.1-55.amzn2.2.5.aarch64
i686:
krb5-devel-1.15.1-55.amzn2.2.5.i686
krb5-libs-1.15.1-55.amzn2.2.5.i686
krb5-server-1.15.1-55.amzn2.2.5.i686
krb5-server-ldap-1.15.1-55.amzn2.2.5.i686
krb5-workstation-1.15.1-55.amzn2.2.5.i686
krb5-pkinit-1.15.1-55.amzn2.2.5.i686
libkadm5-1.15.1-55.amzn2.2.5.i686
krb5-debuginfo-1.15.1-55.amzn2.2.5.i686
src:
krb5-1.15.1-55.amzn2.2.5.src
x86_64:
krb5-devel-1.15.1-55.amzn2.2.5.x86_64
krb5-libs-1.15.1-55.amzn2.2.5.x86_64
krb5-server-1.15.1-55.amzn2.2.5.x86_64
krb5-server-ldap-1.15.1-55.amzn2.2.5.x86_64
krb5-workstation-1.15.1-55.amzn2.2.5.x86_64
krb5-pkinit-1.15.1-55.amzn2.2.5.x86_64
libkadm5-1.15.1-55.amzn2.2.5.x86_64
krb5-debuginfo-1.15.1-55.amzn2.2.5.x86_64
Additional References
Red Hat: CVE-2022-42898
Mitre: CVE-2022-42898
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | krb5-devel | < 1.15.1-55.amzn2.2.5 | krb5-devel-1.15.1-55.amzn2.2.5.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | krb5-libs | < 1.15.1-55.amzn2.2.5 | krb5-libs-1.15.1-55.amzn2.2.5.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | krb5-server | < 1.15.1-55.amzn2.2.5 | krb5-server-1.15.1-55.amzn2.2.5.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | krb5-server-ldap | < 1.15.1-55.amzn2.2.5 | krb5-server-ldap-1.15.1-55.amzn2.2.5.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | krb5-workstation | < 1.15.1-55.amzn2.2.5 | krb5-workstation-1.15.1-55.amzn2.2.5.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | krb5-pkinit | < 1.15.1-55.amzn2.2.5 | krb5-pkinit-1.15.1-55.amzn2.2.5.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libkadm5 | < 1.15.1-55.amzn2.2.5 | libkadm5-1.15.1-55.amzn2.2.5.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | krb5-debuginfo | < 1.15.1-55.amzn2.2.5 | krb5-debuginfo-1.15.1-55.amzn2.2.5.aarch64.rpm |
| Amazon Linux | 2 | i686 | krb5-devel | < 1.15.1-55.amzn2.2.5 | krb5-devel-1.15.1-55.amzn2.2.5.i686.rpm |
| Amazon Linux | 2 | i686 | krb5-libs | < 1.15.1-55.amzn2.2.5 | krb5-libs-1.15.1-55.amzn2.2.5.i686.rpm |
Related
nessus
nessus
Amazon Linux 2022 : (ALAS2022-2023-272)
2023-01-25 00:00:00
EulerOS 2.0 SP11 : samba (EulerOS-SA-2023-1432)
2023-03-07 00:00:00
EulerOS 2.0 SP10 : krb5 (EulerOS-SA-2023-1552)
2023-03-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-42898 affecting package heimdal 7.7.0-5
2023-01-29 21:01:57
CVE-2022-42898 affecting package samba 4.12.5-6
2024-06-29 09:08:33
CVE-2022-42898 affecting package krb5 for versions less than 1.19.4-1
2023-01-17 16:46:47
openvas
openvas
openSUSE: Security Advisory for krb5 (SUSE-SU-2023:0198-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-1552)
2023-03-20 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-1527)
2023-03-20 00:00:00
osv
osv
Important: krb5 security update
2022-11-28 09:18:18
Important: krb5 security update
2022-11-28 09:21:44
krb5 - security update
2022-11-29 00:00:00
oraclelinux
oraclelinux
krb5 security update
2022-11-29 00:00:00
krb5 security update
2023-02-09 00:00:00
krb5 security update
2022-11-28 00:00:00
prion
prion
Integer overflow
2022-12-25 06:15:00
fedora
fedora
[SECURITY] Fedora 36 Update: krb5-1.19.2-12.fc36
2022-11-22 01:20:35
[SECURITY] Fedora 37 Update: krb5-1.19.2-13.fc37
2022-11-22 01:37:30
[SECURITY] Fedora 37 Update: samba-4.17.3-0.fc37
2022-11-18 01:18:28
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898)
2023-09-19 19:52:23
centos
centos
krb5, libkadm5 security update
2022-11-30 23:03:16
rocky
rocky
krb5 security update
2022-11-28 09:18:18
krb5 security update
2022-11-28 09:21:44
f5
f5
SAMBA vulnerability CVE-2022-42898
2022-11-29 22:49:00
almalinux
almalinux
Important: krb5 security update
2022-11-28 00:00:00
Important: krb5 security update
2022-11-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt4
2022-11-24 00:00:00
Security fix for the ALT Linux 10 package samba version 4.16.7-alt1
2022-11-22 00:00:00
cve
cve
CVE-2022-42898
2022-12-25 06:15:09
amazon
amazon
Important: krb5
2023-01-18 20:56:00
Important: krb5
2023-01-31 20:44:00
debiancve
debiancve
CVE-2022-42898
2022-12-25 06:15:09
cisa
cisa
Samba Releases Security Updates
2022-11-16 00:00:00
redhat
redhat
(RHSA-2022:9029) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3]
2022-12-14 14:12:25
(RHSA-2022:8639) Important: krb5 security update
2022-11-28 09:36:41
(RHSA-2022:8637) Important: krb5 security update
2022-11-28 09:18:18
veracode
veracode
Denial Of Service (DoS)
2022-11-21 15:06:29
mageia
mageia
Updated krb5 packages fix security vulnerability
2022-12-17 21:48:08
nvd
nvd
CVE-2022-42898
2022-12-25 06:15:09
debian
debian
[SECURITY] [DSA 5286-1] krb5 security update
2022-11-19 13:31:00
[SECURITY] [DLA 3213-1] krb5 security update
2022-11-29 15:07:54
ubuntucve
ubuntucve
CVE-2022-42898
2022-12-25 00:00:00
cloudlinux
cloudlinux
krb5: Fix of CVE-2022-42898
2022-12-12 19:47:31
slackware
slackware
[slackware-security] samba
2022-11-17 02:00:41
[slackware-security] krb5
2022-11-17 01:59:39
redhatcve
redhatcve
CVE-2022-42898
2022-11-15 19:56:22
samba
samba
Samba buffer overflow vulnerabilities on 32-bit
2022-11-15 00:00:00
alpinelinux
alpinelinux
CVE-2022-42898
2022-12-25 06:15:09
cvelist
cvelist
CVE-2022-42898
2022-12-25 00:00:00
freebsd
freebsd
krb5 -- Integer overflow vulnerabilities in PAC parsing
2022-11-05 00:00:00
ubuntu
ubuntu
Kerberos vulnerabilities
2023-01-25 00:00:00
Heimdal vulnerabilities
2023-01-12 00:00:00
cloudfoundry
cloudfoundry
USN-5828-1: Kerberos vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
USN-5800-1: Heimdal vulnerabilities | Cloud Foundry
2023-02-01 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-0518
2023-01-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2419
2024-05-14 08:56:01
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.3%
Related for ALAS2-2023-1915