-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4648-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 31, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libpam-krb5 CVE ID : CVE-2020-10595 Russ Allbery discovered a buffer overflow in the PAM module for MIT Kerberos, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (stretch), this problem has been fixed in version 4.7-4+deb9u1. For the stable distribution (buster), this problem has been fixed in version 4.8-2+deb10u1. We recommend that you upgrade your libpam-krb5 packages. For the detailed security status of libpam-krb5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libpam-krb5 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6DfuQACgkQEMKTtsN8 TjZmFRAAtf9AXNuHXzipivbcu7KVyIYjTgYdJxN5ENzPUWepfM0yJodNsgJfDo81 Hv8ZmQGcl5VeBemyEw2wW0u8QyCWHNjSSA0ZwsRQY07mXqQnRVKfqZxUUOdiB224 hiFppOJfcW/cvdlODhp7DtWdm7KkUTuvYAYZ8xIxerN+y7TcmuVQSJw5xM20jPn5 1VKZXD0w/dgz2hGBgSVYYlIEJfZEbZQXPMqAlJu17od47ItXO2ssSGSuVaN9ERse mBRqid2h6Vj+dGfh2naD7WhdEbMIesvdHzwUd6OdHKqm5KvPXpOcohymYLJ5Z7yV ZPSQsFEkJQTCWvIeRkMV1BrDCSYFX/B8Y+K+RLxQo0NGyvyrkVbxWV2ap+JuzDOS skbjRHo3EXfwXwHVvnYVg6WT+NH11vt3eZlhLlEEQfLzU1XToSNt/VkzgIPGXoBo ImZsRtyghcf+jz6FAOFOECAuQGCwvVrW7CQQlnhKcPWjHVnCd67CkMT2k2DLG7z1 xjGvj0M43cSz0fE06SU19kzz3cS3An8t2jxEQ8l6dvrQTyj3Gdyu9lYVBYi5wz3r HUbTrNxxXMZFDUWkTyeHG71NvGCMmUZy5hb0KD/v2hWmtM4Vv9osW4iJ7hkSmZwx nQO4hetiQC6U5fOzwc3YfhvmJCripUoqvZERQ2QQ+5v/UJTVaTk= =6pOX -----END PGP SIGNATURE-----