Security Information / 2020 / Security Information -- DSA-4795-1 krb5

Debian Security Advisory

DSA-4795-1 krb5 -- security update

Date Reported:

21 Nov 2020

Affected Packages:

krb5

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2020-28196.

More information:

Demi Obeneour discovered that unbounded recursion in the ASN1 parser of libkrb5 could result in denial of service.

For the stable distribution (buster), this problem has been fixed in version 1.17-3+deb10u1.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/krb5