==========================================================================
Ubuntu Security Notice USN-4635-1
November 17, 2020

krb5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM

Summary:

Kerberos could be made to consume unlimited resources if it received
specially crafted ASN.1.

Software Description:
- krb5: MIT Kerberos Network Authentication Protocol

Details:

Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1.
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  krb5-admin-server 1.17-10ubuntu0.1
  krb5-k5tls 1.17-10ubuntu0.1
  krb5-kdc 1.17-10ubuntu0.1
  krb5-kdc-ldap 1.17-10ubuntu0.1
  krb5-kpropd 1.17-10ubuntu0.1
  krb5-locales 1.17-10ubuntu0.1
  krb5-multidev 1.17-10ubuntu0.1
  krb5-otp 1.17-10ubuntu0.1
  krb5-pkinit 1.17-10ubuntu0.1
  krb5-user 1.17-10ubuntu0.1
  libgssapi-krb5-2 1.17-10ubuntu0.1
  libgssrpc4 1.17-10ubuntu0.1
  libk5crypto3 1.17-10ubuntu0.1
  libkadm5clnt-mit11 1.17-10ubuntu0.1
  libkadm5srv-mit11 1.17-10ubuntu0.1
  libkdb5-9 1.17-10ubuntu0.1
  libkrad0 1.17-10ubuntu0.1
  libkrb5-3 1.17-10ubuntu0.1
  libkrb5support0 1.17-10ubuntu0.1

Ubuntu 20.04 LTS:
  krb5-admin-server 1.17-6ubuntu4.1
  krb5-k5tls 1.17-6ubuntu4.1
  krb5-kdc 1.17-6ubuntu4.1
  krb5-kdc-ldap 1.17-6ubuntu4.1
  krb5-kpropd 1.17-6ubuntu4.1
  krb5-locales 1.17-6ubuntu4.1
  krb5-multidev 1.17-6ubuntu4.1
  krb5-otp 1.17-6ubuntu4.1
  krb5-pkinit 1.17-6ubuntu4.1
  krb5-user 1.17-6ubuntu4.1
  libgssapi-krb5-2 1.17-6ubuntu4.1
  libgssrpc4 1.17-6ubuntu4.1
  libk5crypto3 1.17-6ubuntu4.1
  libkadm5clnt-mit11 1.17-6ubuntu4.1
  libkadm5srv-mit11 1.17-6ubuntu4.1
  libkdb5-9 1.17-6ubuntu4.1
  libkrad0 1.17-6ubuntu4.1
  libkrb5-3 1.17-6ubuntu4.1
  libkrb5support0 1.17-6ubuntu4.1

Ubuntu 18.04 LTS:
  krb5-admin-server 1.16-2ubuntu0.2
  krb5-k5tls 1.16-2ubuntu0.2
  krb5-kdc 1.16-2ubuntu0.2
  krb5-kdc-ldap 1.16-2ubuntu0.2
  krb5-kpropd 1.16-2ubuntu0.2
  krb5-locales 1.16-2ubuntu0.2
  krb5-otp 1.16-2ubuntu0.2
  krb5-pkinit 1.16-2ubuntu0.2
  krb5-user 1.16-2ubuntu0.2
  libgssapi-krb5-2 1.16-2ubuntu0.2
  libgssrpc4 1.16-2ubuntu0.2
  libk5crypto3 1.16-2ubuntu0.2
  libkadm5clnt-mit11 1.16-2ubuntu0.2
  libkadm5srv-mit11 1.16-2ubuntu0.2
  libkdb5-9 1.16-2ubuntu0.2
  libkrad0 1.16-2ubuntu0.2
  libkrb5-3 1.16-2ubuntu0.2
  libkrb5support0 1.16-2ubuntu0.2

Ubuntu 16.04 LTS:
  krb5-admin-server 1.13.2+dfsg-5ubuntu2.2
  krb5-k5tls 1.13.2+dfsg-5ubuntu2.2
  krb5-kdc 1.13.2+dfsg-5ubuntu2.2
  krb5-kdc-ldap 1.13.2+dfsg-5ubuntu2.2
  krb5-locales 1.13.2+dfsg-5ubuntu2.2
  krb5-multidev 1.13.2+dfsg-5ubuntu2.2
  krb5-otp 1.13.2+dfsg-5ubuntu2.2
  krb5-pkinit 1.13.2+dfsg-5ubuntu2.2
  krb5-user 1.13.2+dfsg-5ubuntu2.2
  libgssapi-krb5-2 1.13.2+dfsg-5ubuntu2.2
  libgssrpc4 1.13.2+dfsg-5ubuntu2.2
  libk5crypto3 1.13.2+dfsg-5ubuntu2.2
  libkadm5clnt-mit9 1.13.2+dfsg-5ubuntu2.2
  libkadm5srv-mit9 1.13.2+dfsg-5ubuntu2.2
  libkdb5-8 1.13.2+dfsg-5ubuntu2.2
  libkrad0 1.13.2+dfsg-5ubuntu2.2
  libkrb5-3 1.13.2+dfsg-5ubuntu2.2
  libkrb5support0 1.13.2+dfsg-5ubuntu2.2

Ubuntu 14.04 ESM:
  krb5-admin-server 1.12+dfsg-2ubuntu5.4+esm2
  krb5-kdc 1.12+dfsg-2ubuntu5.4+esm2
  krb5-kdc-ldap 1.12+dfsg-2ubuntu5.4+esm2
  krb5-locales 1.12+dfsg-2ubuntu5.4+esm2
  krb5-multidev 1.12+dfsg-2ubuntu5.4+esm2
  krb5-otp 1.12+dfsg-2ubuntu5.4+esm2
  krb5-pkinit 1.12+dfsg-2ubuntu5.4+esm2
  krb5-user 1.12+dfsg-2ubuntu5.4+esm2
  libgssapi-krb5-2 1.12+dfsg-2ubuntu5.4+esm2
  libgssrpc4 1.12+dfsg-2ubuntu5.4+esm2
  libk5crypto3 1.12+dfsg-2ubuntu5.4+esm2
  libkadm5clnt-mit9 1.12+dfsg-2ubuntu5.4+esm2
  libkadm5srv-mit8 1.12+dfsg-2ubuntu5.4+esm2
  libkadm5srv-mit9 1.12+dfsg-2ubuntu5.4+esm2
  libkdb5-7 1.12+dfsg-2ubuntu5.4+esm2
  libkrad0 1.12+dfsg-2ubuntu5.4+esm2
  libkrb5-3 1.12+dfsg-2ubuntu5.4+esm2
  libkrb5support0 1.12+dfsg-2ubuntu5.4+esm2

In general, a standard system update will make all the necessary changes.
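
To confirm the update landed, the following added example (not part of the
original notice) lists krb5 binary packages still below the fixed version
for a release. It assumes an inventory collected with dpkg-query's
${source:Package} field; the function names are hypothetical, and the Debian
version ordering is reimplemented so the check also runs off-host.

```python
import re

# Fixed krb5 versions per Ubuntu release, copied from this notice.
FIXED = {"20.10": "1.17-10ubuntu0.1", "20.04": "1.17-6ubuntu4.1",
         "18.04": "1.16-2ubuntu0.2", "16.04": "1.13.2+dfsg-5ubuntu2.2",
         "14.04": "1.12+dfsg-2ubuntu5.4+esm2"}

def _weight(ch):
    # dpkg order for non-digit characters: '~' lowest, then letters, then the rest.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_fragment(a, b):
    # Walk both strings as alternating non-digit and digit runs.
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        # 0 stands for end of string: above '~', below every other character.
        wa = [_weight(c) for c in ta] + [0] * (len(tb) - len(ta))
        wb = [_weight(c) for c in tb] + [0] * (len(ta) - len(tb))
        if wa != wb:
            return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 using Debian's [epoch:]upstream[-revision] ordering."""
    def split(v):
        epoch, colon, rest = v.partition(":")
        epoch, rest = (epoch, rest) if colon else ("0", v)
        upstream, dash, rev = rest.rpartition("-")
        return int(epoch), upstream if dash else rest, rev if dash else ""
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def unpatched(release, dpkg_lines):
    """List (package, version) for krb5-built packages older than the fix."""
    rows = [line.split() for line in dpkg_lines.splitlines()]
    return [(r[1], r[2]) for r in rows
            if len(r) == 3 and r[0] == "krb5" and deb_cmp(r[2], FIXED[release]) < 0]

# Constructed sample of: dpkg-query -W -f='${source:Package} ${Package} ${Version}\n'
SAMPLE = ("krb5 libkrb5-3 1.17-6ubuntu4\nkrb5 libgssapi-krb5-2 1.17-6ubuntu4.1\n"
          "openssl libssl1.1 1.1.1f-1ubuntu2\n")
print(unpatched("20.04", SAMPLE))
```

On the host itself, dpkg --compare-versions remains the authoritative
comparison.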

References:
  https://usn.ubuntu.com/4635-1
  CVE-2020-28196

Package Information:
  https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1
  https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1
  https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2