USN-4635-1: Kerberos vulnerability

Releases

• Ubuntu 20.10
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 14.04 ESM

Packages

• krb5 - MIT Kerberos Network Authentication Protocol

Details

Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1.
An attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10

• krb5-admin-server - 1.17-10ubuntu0.1
• krb5-k5tls - 1.17-10ubuntu0.1
• krb5-kdc - 1.17-10ubuntu0.1
• krb5-kdc-ldap - 1.17-10ubuntu0.1
• krb5-kpropd - 1.17-10ubuntu0.1
• krb5-locales - 1.17-10ubuntu0.1
• krb5-multidev - 1.17-10ubuntu0.1
• krb5-otp - 1.17-10ubuntu0.1
• krb5-pkinit - 1.17-10ubuntu0.1
• krb5-user - 1.17-10ubuntu0.1
• libgssapi-krb5-2 - 1.17-10ubuntu0.1
• libgssrpc4 - 1.17-10ubuntu0.1
• libk5crypto3 - 1.17-10ubuntu0.1
• libkadm5clnt-mit11 - 1.17-10ubuntu0.1
• libkadm5srv-mit11 - 1.17-10ubuntu0.1
• libkdb5-9 - 1.17-10ubuntu0.1
• libkrad0 - 1.17-10ubuntu0.1
• libkrb5-3 - 1.17-10ubuntu0.1
• libkrb5support0 - 1.17-10ubuntu0.1

Ubuntu 20.04

• krb5-admin-server - 1.17-6ubuntu4.1
• krb5-k5tls - 1.17-6ubuntu4.1
• krb5-kdc - 1.17-6ubuntu4.1
• krb5-kdc-ldap - 1.17-6ubuntu4.1
• krb5-kpropd - 1.17-6ubuntu4.1
• krb5-locales - 1.17-6ubuntu4.1
• krb5-multidev - 1.17-6ubuntu4.1
• krb5-otp - 1.17-6ubuntu4.1
• krb5-pkinit - 1.17-6ubuntu4.1
• krb5-user - 1.17-6ubuntu4.1
• libgssapi-krb5-2 - 1.17-6ubuntu4.1
• libgssrpc4 - 1.17-6ubuntu4.1
• libk5crypto3 - 1.17-6ubuntu4.1
• libkadm5clnt-mit11 - 1.17-6ubuntu4.1
• libkadm5srv-mit11 - 1.17-6ubuntu4.1
• libkdb5-9 - 1.17-6ubuntu4.1
• libkrad0 - 1.17-6ubuntu4.1
• libkrb5-3 - 1.17-6ubuntu4.1
• libkrb5support0 - 1.17-6ubuntu4.1

Ubuntu 18.04

• krb5-admin-server - 1.16-2ubuntu0.2
• krb5-k5tls - 1.16-2ubuntu0.2
• krb5-kdc - 1.16-2ubuntu0.2
• krb5-kdc-ldap - 1.16-2ubuntu0.2
• krb5-kpropd - 1.16-2ubuntu0.2
• krb5-locales - 1.16-2ubuntu0.2
• krb5-otp - 1.16-2ubuntu0.2
• krb5-pkinit - 1.16-2ubuntu0.2
• krb5-user - 1.16-2ubuntu0.2
• libgssapi-krb5-2 - 1.16-2ubuntu0.2
• libgssrpc4 - 1.16-2ubuntu0.2
• libk5crypto3 - 1.16-2ubuntu0.2
• libkadm5clnt-mit11 - 1.16-2ubuntu0.2
• libkadm5srv-mit11 - 1.16-2ubuntu0.2
• libkdb5-9 - 1.16-2ubuntu0.2
• libkrad0 - 1.16-2ubuntu0.2
• libkrb5-3 - 1.16-2ubuntu0.2
• libkrb5support0 - 1.16-2ubuntu0.2

Ubuntu 16.04

• krb5-admin-server - 1.13.2+dfsg-5ubuntu2.2
• krb5-k5tls - 1.13.2+dfsg-5ubuntu2.2
• krb5-kdc - 1.13.2+dfsg-5ubuntu2.2
• krb5-kdc-ldap - 1.13.2+dfsg-5ubuntu2.2
• krb5-locales - 1.13.2+dfsg-5ubuntu2.2
• krb5-multidev - 1.13.2+dfsg-5ubuntu2.2
• krb5-otp - 1.13.2+dfsg-5ubuntu2.2
• krb5-pkinit - 1.13.2+dfsg-5ubuntu2.2
• krb5-user - 1.13.2+dfsg-5ubuntu2.2
• libgssapi-krb5-2 - 1.13.2+dfsg-5ubuntu2.2
• libgssrpc4 - 1.13.2+dfsg-5ubuntu2.2
• libk5crypto3 - 1.13.2+dfsg-5ubuntu2.2
• libkadm5clnt-mit9 - 1.13.2+dfsg-5ubuntu2.2
• libkadm5srv-mit9 - 1.13.2+dfsg-5ubuntu2.2
• libkdb5-8 - 1.13.2+dfsg-5ubuntu2.2
• libkrad0 - 1.13.2+dfsg-5ubuntu2.2
• libkrb5-3 - 1.13.2+dfsg-5ubuntu2.2
• libkrb5support0 - 1.13.2+dfsg-5ubuntu2.2

Ubuntu 14.04

• krb5-admin-server - 1.12+dfsg-2ubuntu5.4+esm2
• krb5-kdc - 1.12+dfsg-2ubuntu5.4+esm2
• krb5-kdc-ldap - 1.12+dfsg-2ubuntu5.4+esm2
• krb5-locales - 1.12+dfsg-2ubuntu5.4+esm2
• krb5-multidev - 1.12+dfsg-2ubuntu5.4+esm2
• krb5-otp - 1.12+dfsg-2ubuntu5.4+esm2
• krb5-pkinit - 1.12+dfsg-2ubuntu5.4+esm2
• krb5-user - 1.12+dfsg-2ubuntu5.4+esm2
• libgssapi-krb5-2 - 1.12+dfsg-2ubuntu5.4+esm2
• libgssrpc4 - 1.12+dfsg-2ubuntu5.4+esm2
• libk5crypto3 - 1.12+dfsg-2ubuntu5.4+esm2
• libkadm5clnt-mit9 - 1.12+dfsg-2ubuntu5.4+esm2
• libkadm5srv-mit8 - 1.12+dfsg-2ubuntu5.4+esm2
• libkadm5srv-mit9 - 1.12+dfsg-2ubuntu5.4+esm2
• libkdb5-7 - 1.12+dfsg-2ubuntu5.4+esm2
• libkrad0 - 1.12+dfsg-2ubuntu5.4+esm2
• libkrb5-3 - 1.12+dfsg-2ubuntu5.4+esm2
• libkrb5support0 - 1.12+dfsg-2ubuntu5.4+esm2

In general, a standard system update will make all the necessary changes.

References

• CVE-2020-28196