Vulnerability CVE-2020-28196: Information
Description
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
---|---|---|---|---|---|---|
MySQL | sisyphus | 8.0.24-alt1 | 8.0.37-alt1.1 | ALT-PU-2021-1686-1 | 270391 | Fixed |
MySQL | sisyphus_riscv64 | 8.0.27-alt1.0.rv64 | 8.0.37-alt0.port | ALT-PU-2021-4503-1 | - | Fixed |
MySQL | p10 | 8.0.24-alt1 | 8.0.36-alt1 | ALT-PU-2021-1686-1 | 270391 | Fixed |
MySQL | p9 | 8.0.25-alt2 | 8.0.26-alt2 | ALT-PU-2021-2380-1 | 277424 | Fixed |
MySQL | c10f1 | 8.0.24-alt1 | 8.0.37-alt1 | ALT-PU-2021-1686-1 | 270391 | Fixed |
MySQL | c9f2 | 8.0.26-alt2 | 8.0.36-alt0.c9.1 | ALT-PU-2021-3668-1 | 291746 | Fixed |
MySQL | p11 | 8.0.24-alt1 | 8.0.37-alt1.1 | ALT-PU-2021-1686-1 | 270391 | Fixed |
krb5 | sisyphus | 1.18.3-alt1 | 1.21.2-alt2 | ALT-PU-2020-3361-1 | 262109 | Fixed |
krb5 | p10 | 1.18.3-alt1 | 1.19.4-alt3 | ALT-PU-2020-3361-1 | 262109 | Fixed |
krb5 | p9 | 1.17.2-alt1 | 1.17.2-alt5 | ALT-PU-2020-3405-1 | 262110 | Fixed |
krb5 | c10f1 | 1.18.3-alt1 | 1.19.4-alt3 | ALT-PU-2020-3361-1 | 262109 | Fixed |
krb5 | c9f2 | 1.17.2-alt1 | 1.17.2-alt5 | ALT-PU-2021-2079-1 | 271795 | Fixed |
krb5 | p11 | 1.18.3-alt1 | 1.21.2-alt2 | ALT-PU-2020-3361-1 | 262109 | Fixed |
Links to advisories, solutions, and tools
Link | Resource |
---|---|
https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd | |
[debian-lts-announce] 20201107 [SECURITY] [DLA 2437-1] krb5 security update | |
GLSA-202011-17 | |
DSA-4795 | |
https://security.netapp.com/advisory/ntap-20201202-0001/ | |
https://security.netapp.com/advisory/ntap-20210513-0002/ | |
https://www.oracle.com/security-alerts/cpuApr2021.html | |
N/A | |
https://www.oracle.com/security-alerts/cpuapr2022.html | |
FEDORA-2020-32193cbbe6 | |
FEDORA-2020-27b577ab23 | |
FEDORA-2020-0df38b2843 | |
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | |
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | |