[SECURITY] [DLA 2437-1] krb5 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2437-1] krb5 security update
From: "Chris Lamb" <lamby@debian.org>
Date: Sat, 7 Nov 2020 07:38:26 -0500 (EST)
Message-id: <[🔎] 160475255601.1486572.9254298603103799043@tinycat.chris-lamb.co.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2437-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
November 07, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : krb5
Version        : 1.15-1+deb9u2
CVE ID         : CVE-2020-28196
Debian Bug     : #973880

It was discovered that there was a denial of service vulnerability in
the MIT Kerberos network authentication system, krb5. The lack of a
limit in the ASN.1 decoder could lead to infinite recursion and allow
an attacker to overrun the stack and cause the process to crash.

For Debian 9 "Stretch", this problem has been fixed in version
1.15-1+deb9u2.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/krb5

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl+mlKoACgkQHpU+J9Qx
HlgpLA//c/KRn+a4bAWlg6QhNCEJ79vD8oCBm9rB2eZC2yK4Wv+K0GQifYwom+mZ
fDXSN9O68AoualGkacS0Tl894lTr/SgoGR/KOTpqHfph0MXxJi0oRjH6yGC49B8A
Sbt1AG9lNGeibA2b/YO/D2gnmLSO81IX6ojIEbi5yl7KWHRZfsUJxpV9sDMbXFKB
Zx/csrM8/j2xK3tq9usIIM3kFj1rKO/ajRW/GwoYPs6UkdgGTZx5ACpVYoXJDdJx
q7Er0ZhN9ulEycTZ9EoAbfXoo9g5l/b/XisPO2TBugU+7612CsrwWajc+m5XGxMl
tzsKtw33EEStiNAvG0RLYWYX+ISePQEVoFLWf+b4g1aMIHTquU9nuC1Et7ZF/Ab5
wE6uFI+o/Q4Ec9jeqRSrZLQqOpFPffGYZ3syznRhX8asqVmDC5JcIDxvNG+PCK5l
K5stZks2rHyi8fB6wsOP1S7r1OPoIXAKNPyq9DxfGCnMHoYBpKTXkClBN9nhfyRa
ms5Ei5uWXcgPvWS7REBDCTA4oiosdDq6BGLCMcD2BiuUeVZOGbJv941pe4fz0iWn
qZDFeMXqyrMc19M/gc3y4ldOLgwJu/FmnD/Fgw5Uio78Ff/SUpRx4y19KUGMgO1m
i7Zb9P9wsJeqsO+hclKrmV6iCHAwGrGYIzniXn1IlxDe5ZVURjM=
=+BIC
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2435-1] guacamole-server security update
Next by Date: [SECURITY] [DLA 2438-1] raptor2 security update
Previous by thread: [SECURITY] [DLA 2435-1] guacamole-server security update
Next by thread: [SECURITY] [DLA 2438-1] raptor2 security update
Index(es):
- Date
- Thread