krb5-1.21.1-1.el9
Errata ID: AXSA:2023-6633:07
Release date:
2023/12/07 Thursday - 07:22
Title:
krb5-1.21.1-1.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- lib/kadm5/kadm_rpc_xdr.c in Kerberos 5 frees an uninitialized
pointer, which allows a remote authenticated attacker to
crash kadmind. (CVE-2023-36054)
- kdc/do_tgs_req.c in Kerberos 5 contains a vulnerability that
allows a remote authenticated attacker to cause a double free
of memory via a failure in authorization-data handling. (CVE-2023-39975)
Solution:
Update the packages.
CVE:
CVE-2023-36054
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
CVE-2023-39975
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Additional information:
N/A
Download:
SRPMS
- krb5-1.21.1-1.el9.src.rpm
MD5: 9ae468be160f00251f228a71710c8a1d
SHA-256: 4395e2729dfefa7defa5d434090c9d96c66c4d73bfbe3601adf7e9a84ec07c77
Size: 8.33 MB
Asianux Server 9 for x86_64
- krb5-devel-1.21.1-1.el9.i686.rpm
MD5: 5547cefaba806c8677e914960d180713
SHA-256: a61a108236518e56f0d552c4dd9ff801bf4029b609373d0ffcabc2508e3da6ca
Size: 132.95 kB
- krb5-devel-1.21.1-1.el9.x86_64.rpm
MD5: 74feb5e1c67da44346dfd822a3af9d48
SHA-256: c4f6e08b317915899ecdb2c129cd49fa9f63cbeee8c8165b87e400f6be8d6acc
Size: 133.00 kB
- krb5-libs-1.21.1-1.el9.i686.rpm
MD5: ca0adf34c4dc1b422a6ed3f87833cc1a
SHA-256: 105f0afd33c96e5c7ae15d4a0f62d3b8b91088f25033bd2377c87185212b238f
Size: 803.75 kB
- krb5-libs-1.21.1-1.el9.x86_64.rpm
MD5: 444a839932775c82ce0b84a173103c36
SHA-256: 98611699e5deaf0f7767895d55eb3105179d6226041dd2e200680aa37f0adf1d
Size: 754.29 kB
- krb5-pkinit-1.21.1-1.el9.i686.rpm
MD5: 8e4a8915e2b3c52b1fe755f0fea8bc29
SHA-256: fb22a096b89d9c9c3bef761fc07b188c5c0234d443e08d3e0a437c22c51df2bb
Size: 64.22 kB
- krb5-pkinit-1.21.1-1.el9.x86_64.rpm
MD5: 1820c0df291759e14357face9852c992
SHA-256: b325f82aeb9ccb717b6e7de6c84b6062dc88654b882fe131788e8b7b528c6cf5
Size: 58.91 kB
- krb5-server-1.21.1-1.el9.i686.rpm
MD5: 0342c7b532b2ae7b718359c24872e599
SHA-256: bc874f501aba556a0d0619cc1e8f0229408e6e26066f55c3b254091d9f3c00f9
Size: 305.61 kB
- krb5-server-1.21.1-1.el9.x86_64.rpm
MD5: 8ebd66d24886f84536eaf4ac0ef5bdc5
SHA-256: f9e9f762a5b631ff5ca8b63c1a6ee91e96b175ec5e1a1d3cd08920f33c502485
Size: 292.79 kB
- krb5-server-ldap-1.21.1-1.el9.i686.rpm
MD5: afe3fbfa5003d26df375f881c97b4ed4
SHA-256: 227bc2339891cc34dc09fc3193d7fb502bda92e03b7c9fb529d6b7daa2a7739d
Size: 94.48 kB
- krb5-server-ldap-1.21.1-1.el9.x86_64.rpm
MD5: bdb588cd2f99ebf09a91f55aae61c9b5
SHA-256: 5c0fee1981140b9740f1cad1e3ac95e07597810250af280d6565be3232e6cf7e
Size: 89.79 kB
- krb5-workstation-1.21.1-1.el9.x86_64.rpm
MD5: 064242064aaab17d0c059fe9978a9dd6
SHA-256: 7bcc583674432e2d02ddc91d10d85d67e4f84827a8f3a7132c28a96b27b8e171
Size: 495.62 kB
- libkadm5-1.21.1-1.el9.i686.rpm
MD5: 87122702e446e2383af47f1bbd2fd4e9
SHA-256: 65714e31b94ccbeeb1fa5e2427184f8b07e82389da39cc23ca890a002acddd9f
Size: 80.66 kB
- libkadm5-1.21.1-1.el9.x86_64.rpm
MD5: 5c6e5390fede2ac472d27fb1cdf889c5
SHA-256: 8f4c24139bf45a68ace8d764d699185009dd373c2cb6ddbfd9c545a5c1ce2465
Size: 76.75 kB