Samba: https://www.samba.org/samba/security/CVE-2022-42898.html
mit-krb5: https://mailman.mit.edu/pipermail/kerberos-announce/2022q4/000202.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

MITKRB5-SA-2022-001

MIT krb5 Security Advisory 2022-001
Original release: 2022-11-15
Last update: 2022-11-15

Topic: Vulnerabilities in PAC parsing

CVE-2022-42898: integer overflow vulnerabilities in PAC parsing

SUMMARY
=======

Three integer overflow vulnerabilities have been discovered in the MIT
krb5 library function krb5_parse_pac().

IMPACT
======

An authenticated attacker may be able to cause a KDC or kadmind
process to crash by reading beyond the bounds of allocated memory,
creating a denial of service. A privileged attacker may similarly be
able to cause a Kerberos or GSS application service to crash.

On a 32-bit platform, an authenticated attacker may be able to cause
heap corruption in a KDC or kadmind process, possibly leading to
remote code execution. A privileged attacker may similarly be able to
cause heap corruption in a Kerberos or GSS application service running
on a 32-bit platform.

An attacker with the privileges of a cross-realm KDC may be able to
extract secrets from a KDC process's memory by having them copied into
the PAC of a new ticket.

AFFECTED SOFTWARE
=================

Kerberos and GSS application services using krb5-1.8 or later are
affected. kadmind in krb5-1.8 or later is affected. The krb5-1.20 KDC
is affected. The krb5-1.8 through krb5-1.19 KDC is affected when using
the Samba or FreeIPA KDB modules.

FIXES
=====

* Upcoming releases in the krb5-1.19 and krb5-1.20 series will contain
  fixes for these vulnerabilities.

* The patch for krb5-1.20.x is available at

  https://web.mit.edu/kerberos/advisories/2022-001-patch-r120.txt

  A PGP-signed patch is available at

  https://web.mit.edu/kerberos/advisories/2022-001-patch-r120.txt.asc

* The patch for krb5-1.19.x is available at

  https://web.mit.edu/kerberos/advisories/2022-001-patch-r119.txt

  A PGP-signed patch is available at

  https://web.mit.edu/kerberos/advisories/2022-001-patch-r119.txt.asc
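To illustrate the bug class the advisory names, here is an added example (not part of the advisory and not MIT's patch) of a PAC header bounds check that cannot wrap, next to the unchecked 32-bit form. The function names are hypothetical, the header layout (cBuffers, Version, then 16-byte info buffers) is taken from MS-PAC rather than from this page, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PACTYPE_LEN      8u  /* cBuffers (4) + Version (4), per MS-PAC */
#define INFO_BUFFER_LEN 16u  /* ulType (4) + cbBufferSize (4) + Offset (8) */

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t le64(const uint8_t *p) {
    return (uint64_t)le32(p) | (uint64_t)le32(p + 4) << 32;
}

/* Unchecked form, with uint32_t standing in for a 32-bit size_t:
 * a large cBuffers wraps the product and yields a small header length. */
uint32_t naive_header_len32(uint32_t cbuffers) {
    return PACTYPE_LEN + cbuffers * INFO_BUFFER_LEN;
}

/* Returns 0 if every length and offset lies inside buf[0..len), else -1. */
int pac_check_bounds(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < PACTYPE_LEN)
        return -1;
    uint32_t cbuffers = le32(buf);
    if (le32(buf + 4) != 0)                 /* Version must be 0 */
        return -1;
    /* Divide instead of multiplying, so nothing can wrap. */
    if (cbuffers > (len - PACTYPE_LEN) / INFO_BUFFER_LEN)
        return -1;
    size_t header_len = PACTYPE_LEN + (size_t)cbuffers * INFO_BUFFER_LEN;
    for (uint32_t i = 0; i < cbuffers; i++) {
        const uint8_t *e = buf + PACTYPE_LEN + (size_t)i * INFO_BUFFER_LEN;
        uint32_t size = le32(e + 4);
        uint64_t off = le64(e + 8);
        /* Compare by subtraction: off + size is never computed. */
        if (off < header_len || off > len || size > len - off)
            return -1;
    }
    return 0;
}

int main(void) {
    /* Constructed sample: cBuffers = 0x10000000 in a 24-byte blob. */
    uint8_t wrap[24] = {0x00, 0x00, 0x00, 0x10};
    printf("naive 32-bit header_len: %u\n", (unsigned)naive_header_len32(le32(wrap)));
    printf("checked parse: %d\n", pac_check_bounds(wrap, sizeof wrap));
    return 0;
}
```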
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f434fdc40d45538a47707b84a112ed0a5eef621

commit 9f434fdc40d45538a47707b84a112ed0a5eef621
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2022-11-15 21:27:39 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2022-11-15 21:27:39 +0000

    app-crypt/mit-krb5: add 1.20.1

    Bug: https://bugs.gentoo.org/881397
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 app-crypt/mit-krb5/Manifest               |   1 +
 app-crypt/mit-krb5/mit-krb5-1.20.1.ebuild | 148 ++++++++++++++++++++++++++++++
 2 files changed, 149 insertions(+)