Vulnerability BDU:2023-03437: Information
Description
A vulnerability in the implementation of the Kerberos network protocol in the Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, and Alt 8 SP operating systems that allows an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
MySQL | sisyphus | 8.0.24-alt1 | 8.0.37-alt1.1 | ALT-PU-2021-1686-1 | 270391 | Fixed |
MySQL | sisyphus_riscv64 | 8.0.27-alt1.0.rv64 | 8.0.37-alt0.port | ALT-PU-2021-4503-1 | - | Fixed |
MySQL | p10 | 8.0.24-alt1 | 8.0.36-alt1 | ALT-PU-2021-1686-1 | 270391 | Fixed |
MySQL | p9 | 8.0.25-alt2 | 8.0.26-alt2 | ALT-PU-2021-2380-1 | 277424 | Fixed |
MySQL | c10f1 | 8.0.24-alt1 | 8.0.37-alt1 | ALT-PU-2021-1686-1 | 270391 | Fixed |
MySQL | c9f2 | 8.0.26-alt2 | 8.0.36-alt0.c9.1 | ALT-PU-2021-3668-1 | 291746 | Fixed |
MySQL | p11 | 8.0.24-alt1 | 8.0.37-alt1.1 | ALT-PU-2021-1686-1 | 270391 | Fixed |
krb5 | sisyphus | 1.18.3-alt1 | 1.21.2-alt2 | ALT-PU-2020-3361-1 | 262109 | Fixed |
krb5 | p10 | 1.18.3-alt1 | 1.19.4-alt3 | ALT-PU-2020-3361-1 | 262109 | Fixed |
krb5 | p9 | 1.17.2-alt1 | 1.17.2-alt5 | ALT-PU-2020-3405-1 | 262110 | Fixed |
krb5 | c10f1 | 1.18.3-alt1 | 1.19.4-alt3 | ALT-PU-2020-3361-1 | 262109 | Fixed |
krb5 | c9f2 | 1.17.2-alt1 | 1.17.2-alt5 | ALT-PU-2021-2079-1 | 271795 | Fixed |
krb5 | p11 | 1.18.3-alt1 | 1.21.2-alt2 | ALT-PU-2020-3361-1 | 262109 | Fixed |
References to Advisories, Solutions, and Tools
Vulnerability Status | Confirmed by the vendor |
Presence of an exploit | Data is being clarified |
Fix status | Vulnerability fixed |
Software Type | Operating system, Application software for information systems, DBMS, Virtualization software/virtual appliance software |
Solution | Follow the recommendations: For Kerberos: https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd ; For Oracle Corp. software products: https://www.oracle.com/security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html ; For VMware ESXi: Update 7.0U3i-20842708 for the VMware ESXi 7.0 hypervisor, Update 8.0b-21203435 for the VMware ESXi 8.0 hypervisor ; For Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/ ; For 8 SP: https://cve.basealt.ru/ ; For Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2020-28196 ; For Red Hat Inc. software products: https://access.redhat.com/security/cve/CVE-2020-28196 ; For Ubuntu: https://ubuntu.com/security/notices/USN-4635-1 ; For the general-purpose OS OSnova Onyx: update the krb5 software to version 1.17-3+deb10u2 ; For the general-purpose OS "Strelets": update the krb5 software to version 1.15-1+deb9u3 |
Sources | https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd https://www.oracle.com/security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/ https://cve.basealt.ru/ https://security-tracker.debian.org/tracker/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28196 https://ubuntu.com/security/notices/USN-4635-1 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80b-release-notes/index.html https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3i-release-notes.html https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 |
Other system identifiers |