A krb5 security update has been released for AlmaLinux.
ALSA-2021:3576 Moderate: krb5 security update
Type:
security
Severity:
moderate
Release date:
2021-09-23
Description
Security Fix(es):
* krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS (CVE-2021-36222)
* krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2021-36222
CVE-2021-37750
Updates packages:
krb5-devel-1.18.2-8.3.el8_4.i686.rpm
krb5-devel-1.18.2-8.3.el8_4.x86_64.rpm
krb5-libs-1.18.2-8.3.el8_4.i686.rpm
krb5-libs-1.18.2-8.3.el8_4.x86_64.rpm
krb5-pkinit-1.18.2-8.3.el8_4.i686.rpm
krb5-pkinit-1.18.2-8.3.el8_4.x86_64.rpm
krb5-server-1.18.2-8.3.el8_4.i686.rpm
krb5-server-1.18.2-8.3.el8_4.x86_64.rpm
krb5-server-ldap-1.18.2-8.3.el8_4.i686.rpm
krb5-server-ldap-1.18.2-8.3.el8_4.x86_64.rpm
krb5-workstation-1.18.2-8.3.el8_4.x86_64.rpm
libkadm5-1.18.2-8.3.el8_4.i686.rpm
libkadm5-1.18.2-8.3.el8_4.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
