Summary: | <app-crypt/mit-krb5-1.18.2-r2: Denial of service via crafted ASN.1-encoded message (CVE-2020-28196) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | kerberos |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd | ||
Whiteboard: | B3 [glsa+] | ||
Package list: |
app-crypt/mit-krb5-1.18.2-r2
|
Runtime testing required: | --- |
Description
Sam James
2020-11-06 07:55:51 UTC
From the commit (see URL): "The libkrb5 ASN.1 decoder supports BER indefinite lengths. It computes the tag length using recursion; the lack of a recursion limit allows an attacker to overrun the stack and cause the process to crash. Reported by Demi Obenour. CVE-2020-28196: In MIT krb5 releases 1.11 and later, an unauthenticated attacker can cause a denial of service for any client or server to which it can send an ASN.1-encoded Kerberos message of sufficient length." The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c6a41be59b79c996b2e0493399c035e35f8fed9 commit 7c6a41be59b79c996b2e0493399c035e35f8fed9 Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2020-11-10 07:35:33 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2020-11-10 07:35:33 +0000 app-crypt/mit-krb5: CVE-2020-28196 security bump Bug: https://bugs.gentoo.org/753281 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Eray Aslan <eras@gentoo.org> app-crypt/mit-krb5/mit-krb5-1.18.2-r2.ebuild | 168 +++++++++++++++++++++++++++ 1 file changed, 168 insertions(+) arm64 done arm done amd64 done ppc64 stable x86 done hppa/ppc stable This issue was resolved and addressed in GLSA 202011-17 at https://security.gentoo.org/glsa/202011-17 by GLSA coordinator Aaron Bauman (b-man). re-opened for cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed0bf071cd61eb893b480fc5a212023fdd0e4f34 commit ed0bf071cd61eb893b480fc5a212023fdd0e4f34 Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2020-11-17 08:18:19 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2020-11-17 08:18:19 +0000 app-crypt/mit-krb5: security cleanup Bug: https://bugs.gentoo.org/753281 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Eray Aslan <eras@gentoo.org> app-crypt/mit-krb5/mit-krb5-1.18.2-r1.ebuild | 167 --------------------------- 1 file changed, 167 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c7ac26c4dca6eeb952253a922735dbea7af285b commit 1c7ac26c4dca6eeb952253a922735dbea7af285b Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2020-11-17 09:19:03 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2020-11-17 09:20:23 +0000 Revert "app-crypt/mit-krb5: security cleanup" This reverts commit ed0bf071cd61eb893b480fc5a212023fdd0e4f34. - not all arches are yet stabilized. Bug: https://bugs.gentoo.org/753281 Signed-off-by: Joonas Niilola <juippis@gentoo.org> app-crypt/mit-krb5/mit-krb5-1.18.2-r1.ebuild | 167 +++++++++++++++++++++++++++ 1 file changed, 167 insertions(+) sparc stable. Maintainer(s), please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93c74315c5ee625013b6e4d7cc5a99f927aed325 commit 93c74315c5ee625013b6e4d7cc5a99f927aed325 Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2020-11-19 09:00:23 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2020-11-19 09:00:23 +0000 app-crypt/mit-krb5: security cleanup Bug: https://bugs.gentoo.org/753281 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Eray Aslan <eras@gentoo.org> app-crypt/mit-krb5/mit-krb5-1.18.2-r1.ebuild | 167 --------------------------- 1 file changed, 167 deletions(-) GLSA'd, tree is clean, closing. |