SUSE-SU-2023:0198-1

UNKNOWN

Security update for krb5

Published Jan 27, 2023

Modified 3 years ago

Fix available

Details

This update for krb5 fixes the following issues:

CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

Affected Packages

krb5

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Micro 5.2

Fixed in:

1.19.2-150300.10.1

krb5-32bit

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Real Time 15 SP3SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

1.19.2-150300.10.1

krb5-client

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Real Time 15 SP3SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

1.19.2-150300.10.1

krb5-devel

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Real Time 15 SP3SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

1.19.2-150300.10.1

krb5-plugin-kdb-ldap

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Real Time 15 SP3SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

1.19.2-150300.10.1

krb5-plugin-preauth-otp

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Real Time 15 SP3SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

1.19.2-150300.10.1

krb5-plugin-preauth-pkinit

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Real Time 15 SP3SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

1.19.2-150300.10.1

krb5-plugin-preauth-spake

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Real Time 15 SP3SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

1.19.2-150300.10.1

krb5-server

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Real Time 15 SP3SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

1.19.2-150300.10.1

References

https://bugzilla.suse.com/1205126

https://www.suse.com/security/cve/CVE-2022-42898

https://www.suse.com/support/update/announcement/2023/suse-su-20230198-1/

Upstream

Related

Ecosystems(12)

SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2

Timeline

PublishedJan 27, 2023

ModifiedJan 27, 2023

SUSE-SU-2023:0198-1 | Mondoo Vulnerability Intelligence