Debian Security Advisory 4944-1

Debian Security Advisory 4944-1: Posted Jul 28, 2021; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4944-1 - It was discovered that the Key Distribution Center (KDC) in krb5, the MIT implementation of Kerberos, is prone to a NULL pointer dereference flaw. An unauthenticated attacker can take advantage of this flaw to cause a denial of service (KDC crash) by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST.; tags | advisory, denial of service; systems | linux, debian; advisories | CVE-2021-36222; SHA-256 | 42036edebb28009c78bc3526ed1cd53c67ee4d42a4bd26657d2433b71b487a10; Download | Favorite | View

Debian Security Advisory 4944-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4944-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 25, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : krb5
CVE ID         : CVE-2021-36222
Debian Bug     : 991365

It was discovered that the Key Distribution Center (KDC) in krb5, the
MIT implementation of Kerberos, is prone to a NULL pointer dereference
flaw. An unauthenticated attacker can take advantage of this flaw to
cause a denial of service (KDC crash) by sending a request containing a
PA-ENCRYPTED-CHALLENGE padata element without using FAST.

For the stable distribution (buster), this problem has been fixed in
version 1.17-3+deb10u2.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/krb5

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmD9EEhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Qlzw/+Lc8c3KNtdSzmoGnSP/FPL90O0khFU/0QyKxg5vchp43SypwVAy8a6qb0
2trCG94uFOlObNi2ZGu6zjsDRzeY8dZPk8H5733/8kwOAnItQUR3yvCqomgpxM1N
fQwqx785diACsUpXsvA9eZAgADuuC0aOQJ3kyFmgKa5xXOlCaCuqx1NGp9qpiU+d
/RFyfmseLRA4PnM+H/7U7RVyqHbvrakVokAlnMMr/Bwx9bFbup5xJ54K5KY2FspU
wkgawsgGqYkI1eosg/shlVBvEGdNYRNXp5QkLMRKNYVCDy+Y4lIqgytDoTm83QFt
ns5ZhUd0T70dpokhM3QgDTQWAGtzH3cHJG4zrEtDu4gPud7ZM8htNJ+IIc6mpShy
n4Z7+RI8vS3+Vtv0HgClE7oNxyo8bTQ9A2n6XQGTsTKDMwPa8fxAODIqK3RIwHMh
M+ZZVyGATVrbuQthIsBkiOTenxTM4vSnlO3Hj8NvHWSCcaNqjbfSOXBUwwH4/rjZ
s2127X35PJviqIScQifDFzj8fhs+yOg56DwdvFORQPpX6QczyoiZPv7AlwuCgIUS
jRY1c4QYf3A6B+7ceAbEUHqNSqcYuyryTiEdW7i1sfTBnIBoSuhVRIlTW9NlcCP9
yDDpytcDWFEyumUrWT8uAbuYT5J1/SDybK665c9Di76DhlM3vfM=
=gGg4
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 201 files
indoushka 118 files
Ubuntu 88 files
Gentoo 33 files
Jasper Nota 25 files
Debian 24 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,107)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,890)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,615)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,777)
UNIX (9,440)
UnixWare (187)
Windows (6,676)
Other

Debian Security Advisory 4944-1

Debian Security Advisory 4944-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4944-1

Share This

Debian Security Advisory 4944-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems