SUSE-SU-2022:4335-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2022:4335-1

UNKNOWN

Security update for krb5

Published Dec 6, 2022

Modified 3 years ago

Fix available

Details

This update for krb5 fixes the following issues:

CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

Affected Packages

krb5

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

1.12.5-40.43.1

krb5-32bit

Fixed in:

1.12.5-40.43.1

krb5-client

Fixed in:

1.12.5-40.43.1

krb5-doc

Fixed in:

1.12.5-40.43.1

krb5-plugin-kdb-ldap

Fixed in:

1.12.5-40.43.1

krb5-plugin-preauth-otp

Fixed in:

1.12.5-40.43.1

krb5-plugin-preauth-pkinit

Fixed in:

1.12.5-40.43.1

krb5-server

Fixed in:

1.12.5-40.43.1

krb5-devel

SUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

1.12.5-40.43.1

References

REPORT

https://bugzilla.suse.com/1205126

WEB

https://www.suse.com/security/cve/CVE-2022-42898

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20224335-1/

Upstream

CVE-2022-42898

Ecosystems(9)

SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4

Timeline

PublishedDec 6, 2022

ModifiedDec 6, 2022