Ubuntu Security Notice USN-5828-1

Ubuntu Security Notice USN-5828-1: Posted Jan 26, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5828-1 - It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Greg Hudson discovered that Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2018-20217, CVE-2022-42898; SHA-256 | 172f865df6482a98eeb5142645b6b3d004e0fcbb18be188deb32de7ee6994283; Download | Favorite | View

Ubuntu Security Notice USN-5828-1

==========================================================================
Ubuntu Security Notice USN-5828-1
January 25, 2023

krb5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Kerberos.

Software Description:
- krb5: MIT Kerberos Network Authentication Protocol

Details:

It was discovered that Kerberos incorrectly handled certain S4U2Self
requests. An attacker could possibly use this issue to cause a denial of
service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu
18.04 LTS. (CVE-2018-20217)

Greg Hudson discovered that Kerberos PAC implementation incorrectly
handled certain parsing operations. A remote attacker could use this
issue to cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-42898)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   krb5-admin-server               1.20-1ubuntu0.1
   krb5-kdc                        1.20-1ubuntu0.1
   krb5-user                       1.20-1ubuntu0.1
   libgssapi-krb5-2                1.20-1ubuntu0.1
   libkdb5-10                      1.20-1ubuntu0.1

Ubuntu 22.04 LTS:
   krb5-admin-server               1.19.2-2ubuntu0.1
   krb5-kdc                        1.19.2-2ubuntu0.1
   krb5-user                       1.19.2-2ubuntu0.1
   libgssapi-krb5-2                1.19.2-2ubuntu0.1
   libkdb5-10                      1.19.2-2ubuntu0.1

Ubuntu 20.04 LTS:
   krb5-admin-server               1.17-6ubuntu4.2
   krb5-kdc                        1.17-6ubuntu4.2
   krb5-user                       1.17-6ubuntu4.2
   libgssapi-krb5-2                1.17-6ubuntu4.2
   libkdb5-9                       1.17-6ubuntu4.2

Ubuntu 18.04 LTS:
   krb5-admin-server               1.16-2ubuntu0.3
   krb5-kdc                        1.16-2ubuntu0.3
   krb5-user                       1.16-2ubuntu0.3
   libgssapi-krb5-2                1.16-2ubuntu0.3
   libkdb5-9                       1.16-2ubuntu0.3

Ubuntu 16.04 ESM:
   krb5-admin-server               1.13.2+dfsg-5ubuntu2.2+esm3
   krb5-kdc                        1.13.2+dfsg-5ubuntu2.2+esm3
   krb5-user                       1.13.2+dfsg-5ubuntu2.2+esm3
   libgssapi-krb5-2                1.13.2+dfsg-5ubuntu2.2+esm3
   libkdb5-8                       1.13.2+dfsg-5ubuntu2.2+esm3

Ubuntu 14.04 ESM:
   krb5-admin-server               1.12+dfsg-2ubuntu5.4+esm3
   krb5-kdc                        1.12+dfsg-2ubuntu5.4+esm3
   krb5-user                       1.12+dfsg-2ubuntu5.4+esm3
   libgssapi-krb5-2                1.12+dfsg-2ubuntu5.4+esm3
   libkdb5-7                       1.12+dfsg-2ubuntu5.4+esm3

After a standard system update you need to restart any application
using Kerberos libraries to make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5828-1
   CVE-2018-20217, CVE-2022-42898

Package Information:
   https://launchpad.net/ubuntu/+source/krb5/1.20-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.1
   https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.2
   https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.3

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Ubuntu Security Notice USN-5828-1

Ubuntu Security Notice USN-5828-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-5828-1

Share This

Ubuntu Security Notice USN-5828-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems