SUSE-SU-2021:0527-1

HIGH7.5

Security update for krb5-appl

Published Feb 19, 2021

Modified 5 years ago

Fix available

Details

Description of the patch:

This update for krb5-appl fixes the following issues:

CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109).
CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109).

Affected Packages

krb5-appl-clients

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP3-LTSSSUSE Linux Enterprise Server 12 SP4-LTSS

Fixed in:

1.0.3-3.6.1

krb5-appl-servers

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP3-LTSSSUSE Linux Enterprise Server 12 SP4-LTSS

Fixed in:

1.0.3-3.6.1

References

ADVISORY

https://bugzilla.suse.com/1131109

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2021-February/008353.html

ADVISORY

https://www.suse.com/security/cve/CVE-2019-25017/

ADVISORY

https://www.suse.com/security/cve/CVE-2019-25018/

WEB