"MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit."
From the commit (see URL): "The libkrb5 ASN.1 decoder supports BER indefinite lengths. It computes the tag length using recursion; the lack of a recursion limit allows an attacker to overrun the stack and cause the process to crash. Reported by Demi Obenour. CVE-2020-28196: In MIT krb5 releases 1.11 and later, an unauthenticated attacker can cause a denial of service for any client or server to which it can send an ASN.1-encoded Kerberos message of sufficient length."
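Added example, not part of the bug report and not the krb5 patch: a minimal C sketch of the pattern the commit message describes, where sizing a BER element with an indefinite length means recursing into its children until the end-of-contents octets, and the depth check is what keeps nested input from exhausting the stack. The function name `ber_element_size` and the `MAX_DEPTH` value of 32 are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_DEPTH 32   /* assumed nesting limit for this example */

/* Return the total encoded size (identifier, length and contents) of the BER
 * element at buf, or -1 if it is truncated, malformed or nested too deeply.
 * Callers pass depth = 0. */
long ber_element_size(const uint8_t *buf, size_t len, int depth)
{
    size_t pos = 0, clen = 0, n;
    uint8_t l;
    int constructed;

    if (depth > MAX_DEPTH || len < 2)
        return -1;                      /* the check the vulnerable code lacked */
    constructed = buf[0] & 0x20;
    if ((buf[pos++] & 0x1f) == 0x1f) {  /* high-tag-number form */
        while (pos < len && (buf[pos] & 0x80))
            pos++;
        pos++;                          /* final identifier octet */
    }
    if (pos >= len)
        return -1;
    l = buf[pos++];
    if (l == 0x80) {
        /* Indefinite length: valid only for constructed encodings. Walk the
         * children until the end-of-contents octets 00 00. */
        if (!constructed)
            return -1;
        for (;;) {
            long child;
            if (len - pos < 2)
                return -1;
            if (buf[pos] == 0 && buf[pos + 1] == 0)
                return (long)(pos + 2);
            child = ber_element_size(buf + pos, len - pos, depth + 1);
            if (child < 0)
                return -1;
            pos += (size_t)child;
        }
    }
    if (l & 0x80) {                     /* long definite form */
        n = l & 0x7f;
        if (n > sizeof(size_t) || n > len - pos)
            return -1;
        while (n--)
            clen = (clen << 8) | buf[pos++];
    } else {
        clen = l;                       /* short definite form */
    }
    return clen > len - pos ? -1 : (long)(pos + clen);
}
```

Without the `depth` check, the number of stack frames is controlled entirely by the message contents, which is the condition the advisory describes.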
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c6a41be59b79c996b2e0493399c035e35f8fed9

commit 7c6a41be59b79c996b2e0493399c035e35f8fed9
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2020-11-10 07:35:33 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2020-11-10 07:35:33 +0000

    app-crypt/mit-krb5: CVE-2020-28196 security bump

    Bug: https://bugs.gentoo.org/753281
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 app-crypt/mit-krb5/mit-krb5-1.18.2-r2.ebuild | 168 +++++++++++++++++++++++++++
 1 file changed, 168 insertions(+)
arm64 done
arm done
amd64 done
ppc64 stable
x86 done
hppa/ppc stable
This issue was resolved and addressed in GLSA 202011-17 at https://security.gentoo.org/glsa/202011-17 by GLSA coordinator Aaron Bauman (b-man).
re-opened for cleanup
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed0bf071cd61eb893b480fc5a212023fdd0e4f34

commit ed0bf071cd61eb893b480fc5a212023fdd0e4f34
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2020-11-17 08:18:19 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2020-11-17 08:18:19 +0000

    app-crypt/mit-krb5: security cleanup

    Bug: https://bugs.gentoo.org/753281
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 app-crypt/mit-krb5/mit-krb5-1.18.2-r1.ebuild | 167 ---------------------------
 1 file changed, 167 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c7ac26c4dca6eeb952253a922735dbea7af285b

commit 1c7ac26c4dca6eeb952253a922735dbea7af285b
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2020-11-17 09:19:03 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-11-17 09:20:23 +0000

    Revert "app-crypt/mit-krb5: security cleanup"

    This reverts commit ed0bf071cd61eb893b480fc5a212023fdd0e4f34.
     - not all arches are yet stabilized.

    Bug: https://bugs.gentoo.org/753281
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-crypt/mit-krb5/mit-krb5-1.18.2-r1.ebuild | 167 +++++++++++++++++++++++++++
 1 file changed, 167 insertions(+)
sparc stable. Maintainer(s), please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93c74315c5ee625013b6e4d7cc5a99f927aed325

commit 93c74315c5ee625013b6e4d7cc5a99f927aed325
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2020-11-19 09:00:23 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2020-11-19 09:00:23 +0000

    app-crypt/mit-krb5: security cleanup

    Bug: https://bugs.gentoo.org/753281
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 app-crypt/mit-krb5/mit-krb5-1.18.2-r1.ebuild | 167 ---------------------------
 1 file changed, 167 deletions(-)
GLSA'd, tree is clean, closing.