[SECURITY] [DLA 3626-1] krb5 security update

2023-10-2220:50:22

lists.debian.org

cve-2023-36054

pointer fix

krb5

debian-lts

security update

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

Debian LTS Advisory DLA-3626-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
October 22, 2023 https://wiki.debian.org/LTS

Package : krb5
Version : 1.17-3+deb10u6
CVE ID : CVE-2023-36054
Debian Bug : 1043431

Potential freeing of an uninitialized pointer in kadm_rpc_xdr.c
was fixed in krb5, the MIT implementation of the Kerberos network
authentication protocol.

For Debian 10 buster, this problem has been fixed in version
1.17-3+deb10u6.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/krb5

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian12armhflibkrb5-3< 1.20.1-2+deb12u1libkrb5-3_1.20.1-2+deb12u1_armhf.deb
Debian11i386krb5-user-dbgsym< 1.18.3-6+deb11u4krb5-user-dbgsym_1.18.3-6+deb11u4_i386.deb
Debian11armelkrb5-kdc< 1.18.3-6+deb11u4krb5-kdc_1.18.3-6+deb11u4_armel.deb
Debian12armellibkrb5-dev< 1.20.1-2+deb12u1libkrb5-dev_1.20.1-2+deb12u1_armel.deb
Debian11armhfkrb5-k5tls-dbgsym< 1.18.3-6+deb11u4krb5-k5tls-dbgsym_1.18.3-6+deb11u4_armhf.deb
Debian11ppc64elkrb5-gss-samples-dbgsym< 1.18.3-6+deb11u4krb5-gss-samples-dbgsym_1.18.3-6+deb11u4_ppc64el.deb
Debian12i386krb5-kdc-dbgsym< 1.20.1-2+deb12u1krb5-kdc-dbgsym_1.20.1-2+deb12u1_i386.deb
Debian11mipselkrb5-user< 1.18.3-6+deb11u4krb5-user_1.18.3-6+deb11u4_mipsel.deb
Debian12mipsellibgssapi-krb5-2< 1.20.1-2+deb12u1libgssapi-krb5-2_1.20.1-2+deb12u1_mipsel.deb
Debian10armhfkrb5-kpropd< 1.17-3+deb10u6krb5-kpropd_1.17-3+deb10u6_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	armhf	libkrb5-3	< 1.20.1-2+deb12u1	libkrb5-3_1.20.1-2+deb12u1_armhf.deb
Debian	11	i386	krb5-user-dbgsym	< 1.18.3-6+deb11u4	krb5-user-dbgsym_1.18.3-6+deb11u4_i386.deb
Debian	11	armel	krb5-kdc	< 1.18.3-6+deb11u4	krb5-kdc_1.18.3-6+deb11u4_armel.deb
Debian	12	armel	libkrb5-dev	< 1.20.1-2+deb12u1	libkrb5-dev_1.20.1-2+deb12u1_armel.deb
Debian	11	armhf	krb5-k5tls-dbgsym	< 1.18.3-6+deb11u4	krb5-k5tls-dbgsym_1.18.3-6+deb11u4_armhf.deb
Debian	11	ppc64el	krb5-gss-samples-dbgsym	< 1.18.3-6+deb11u4	krb5-gss-samples-dbgsym_1.18.3-6+deb11u4_ppc64el.deb
Debian	12	i386	krb5-kdc-dbgsym	< 1.20.1-2+deb12u1	krb5-kdc-dbgsym_1.20.1-2+deb12u1_i386.deb
Debian	11	mipsel	krb5-user	< 1.18.3-6+deb11u4	krb5-user_1.18.3-6+deb11u4_mipsel.deb
Debian	12	mipsel	libgssapi-krb5-2	< 1.20.1-2+deb12u1	libgssapi-krb5-2_1.20.1-2+deb12u1_mipsel.deb
Debian	10	armhf	krb5-kpropd	< 1.17-3+deb10u6	krb5-kpropd_1.17-3+deb10u6_armhf.deb