krb5-1.21.1-1.el9

Errata ID: AXSA:2023-6633:07

Release date: Thursday, December 7, 2023 - 07:22
Subject: krb5-1.21.1-1.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: Denial of service through freeing uninitialized pointer (CVE-2023-36054)
* krb5: double-free in KDC TGS processing (CVE-2023-39975)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-36054
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
CVE-2023-39975
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. krb5-1.21.1-1.el9.src.rpm
    MD5: 9ae468be160f00251f228a71710c8a1d
    SHA-256: 4395e2729dfefa7defa5d434090c9d96c66c4d73bfbe3601adf7e9a84ec07c77
    Size: 8.33 MB

Asianux Server 9 for x86_64
  1. krb5-devel-1.21.1-1.el9.i686.rpm
    MD5: 5547cefaba806c8677e914960d180713
    SHA-256: a61a108236518e56f0d552c4dd9ff801bf4029b609373d0ffcabc2508e3da6ca
    Size: 132.95 kB
  2. krb5-devel-1.21.1-1.el9.x86_64.rpm
    MD5: 74feb5e1c67da44346dfd822a3af9d48
    SHA-256: c4f6e08b317915899ecdb2c129cd49fa9f63cbeee8c8165b87e400f6be8d6acc
    Size: 133.00 kB
  3. krb5-libs-1.21.1-1.el9.i686.rpm
    MD5: ca0adf34c4dc1b422a6ed3f87833cc1a
    SHA-256: 105f0afd33c96e5c7ae15d4a0f62d3b8b91088f25033bd2377c87185212b238f
    Size: 803.75 kB
  4. krb5-libs-1.21.1-1.el9.x86_64.rpm
    MD5: 444a839932775c82ce0b84a173103c36
    SHA-256: 98611699e5deaf0f7767895d55eb3105179d6226041dd2e200680aa37f0adf1d
    Size: 754.29 kB
  5. krb5-pkinit-1.21.1-1.el9.i686.rpm
    MD5: 8e4a8915e2b3c52b1fe755f0fea8bc29
    SHA-256: fb22a096b89d9c9c3bef761fc07b188c5c0234d443e08d3e0a437c22c51df2bb
    Size: 64.22 kB
  6. krb5-pkinit-1.21.1-1.el9.x86_64.rpm
    MD5: 1820c0df291759e14357face9852c992
    SHA-256: b325f82aeb9ccb717b6e7de6c84b6062dc88654b882fe131788e8b7b528c6cf5
    Size: 58.91 kB
  7. krb5-server-1.21.1-1.el9.i686.rpm
    MD5: 0342c7b532b2ae7b718359c24872e599
    SHA-256: bc874f501aba556a0d0619cc1e8f0229408e6e26066f55c3b254091d9f3c00f9
    Size: 305.61 kB
  8. krb5-server-1.21.1-1.el9.x86_64.rpm
    MD5: 8ebd66d24886f84536eaf4ac0ef5bdc5
    SHA-256: f9e9f762a5b631ff5ca8b63c1a6ee91e96b175ec5e1a1d3cd08920f33c502485
    Size: 292.79 kB
  9. krb5-server-ldap-1.21.1-1.el9.i686.rpm
    MD5: afe3fbfa5003d26df375f881c97b4ed4
    SHA-256: 227bc2339891cc34dc09fc3193d7fb502bda92e03b7c9fb529d6b7daa2a7739d
    Size: 94.48 kB
  10. krb5-server-ldap-1.21.1-1.el9.x86_64.rpm
    MD5: bdb588cd2f99ebf09a91f55aae61c9b5
    SHA-256: 5c0fee1981140b9740f1cad1e3ac95e07597810250af280d6565be3232e6cf7e
    Size: 89.79 kB
  11. krb5-workstation-1.21.1-1.el9.x86_64.rpm
    MD5: 064242064aaab17d0c059fe9978a9dd6
    SHA-256: 7bcc583674432e2d02ddc91d10d85d67e4f84827a8f3a7132c28a96b27b8e171
    Size: 495.62 kB
  12. libkadm5-1.21.1-1.el9.i686.rpm
    MD5: 87122702e446e2383af47f1bbd2fd4e9
    SHA-256: 65714e31b94ccbeeb1fa5e2427184f8b07e82389da39cc23ca890a002acddd9f
    Size: 80.66 kB
  13. libkadm5-1.21.1-1.el9.x86_64.rpm
    MD5: 5c6e5390fede2ac472d27fb1cdf889c5
    SHA-256: 8f4c24139bf45a68ace8d764d699185009dd373c2cb6ddbfd9c545a5c1ce2465
    Size: 76.75 kB