Vulnerability CVE-2019-14844: Information
Description
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| krb5 | sisyphus | 1.18.2-alt2 | 1.21.2-alt2 | ALT-PU-2020-2345-1 | 254565 | Fixed |
| krb5 | p10 | 1.18.2-alt2 | 1.19.4-alt3 | ALT-PU-2020-2345-1 | 254565 | Fixed |
| krb5 | p9 | 1.17.2-alt1 | 1.17.2-alt5 | ALT-PU-2020-3405-1 | 262110 | Fixed |
| krb5 | c10f1 | 1.18.2-alt2 | 1.19.4-alt3 | ALT-PU-2020-2345-1 | 254565 | Fixed |
| krb5 | c9f2 | 1.17.2-alt1 | 1.17.2-alt5 | ALT-PU-2021-2079-1 | 271795 | Fixed |