USN-4635-1: Kerberos vulnerability
17 November 2020
Kerberos could be made to consume unlimited resources if it received specially crafted ASN.1.
Releases
Packages
- krb5 - MIT Kerberos Network Authentication Protocol
Details
Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1.
An attacker could possibly use this issue to cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10
- krb5-admin-server - 1.17-10ubuntu0.1
- krb5-k5tls - 1.17-10ubuntu0.1
- krb5-kdc - 1.17-10ubuntu0.1
- krb5-kdc-ldap - 1.17-10ubuntu0.1
- krb5-kpropd - 1.17-10ubuntu0.1
- krb5-locales - 1.17-10ubuntu0.1
- krb5-multidev - 1.17-10ubuntu0.1
- krb5-otp - 1.17-10ubuntu0.1
- krb5-pkinit - 1.17-10ubuntu0.1
- krb5-user - 1.17-10ubuntu0.1
- libgssapi-krb5-2 - 1.17-10ubuntu0.1
- libgssrpc4 - 1.17-10ubuntu0.1
- libk5crypto3 - 1.17-10ubuntu0.1
- libkadm5clnt-mit11 - 1.17-10ubuntu0.1
- libkadm5srv-mit11 - 1.17-10ubuntu0.1
- libkdb5-9 - 1.17-10ubuntu0.1
- libkrad0 - 1.17-10ubuntu0.1
- libkrb5-3 - 1.17-10ubuntu0.1
- libkrb5support0 - 1.17-10ubuntu0.1
Ubuntu 20.04
- krb5-admin-server - 1.17-6ubuntu4.1
- krb5-k5tls - 1.17-6ubuntu4.1
- krb5-kdc - 1.17-6ubuntu4.1
- krb5-kdc-ldap - 1.17-6ubuntu4.1
- krb5-kpropd - 1.17-6ubuntu4.1
- krb5-locales - 1.17-6ubuntu4.1
- krb5-multidev - 1.17-6ubuntu4.1
- krb5-otp - 1.17-6ubuntu4.1
- krb5-pkinit - 1.17-6ubuntu4.1
- krb5-user - 1.17-6ubuntu4.1
- libgssapi-krb5-2 - 1.17-6ubuntu4.1
- libgssrpc4 - 1.17-6ubuntu4.1
- libk5crypto3 - 1.17-6ubuntu4.1
- libkadm5clnt-mit11 - 1.17-6ubuntu4.1
- libkadm5srv-mit11 - 1.17-6ubuntu4.1
- libkdb5-9 - 1.17-6ubuntu4.1
- libkrad0 - 1.17-6ubuntu4.1
- libkrb5-3 - 1.17-6ubuntu4.1
- libkrb5support0 - 1.17-6ubuntu4.1
Ubuntu 18.04
- krb5-admin-server - 1.16-2ubuntu0.2
- krb5-k5tls - 1.16-2ubuntu0.2
- krb5-kdc - 1.16-2ubuntu0.2
- krb5-kdc-ldap - 1.16-2ubuntu0.2
- krb5-kpropd - 1.16-2ubuntu0.2
- krb5-locales - 1.16-2ubuntu0.2
- krb5-otp - 1.16-2ubuntu0.2
- krb5-pkinit - 1.16-2ubuntu0.2
- krb5-user - 1.16-2ubuntu0.2
- libgssapi-krb5-2 - 1.16-2ubuntu0.2
- libgssrpc4 - 1.16-2ubuntu0.2
- libk5crypto3 - 1.16-2ubuntu0.2
- libkadm5clnt-mit11 - 1.16-2ubuntu0.2
- libkadm5srv-mit11 - 1.16-2ubuntu0.2
- libkdb5-9 - 1.16-2ubuntu0.2
- libkrad0 - 1.16-2ubuntu0.2
- libkrb5-3 - 1.16-2ubuntu0.2
- libkrb5support0 - 1.16-2ubuntu0.2
Ubuntu 16.04
- krb5-admin-server - 1.13.2+dfsg-5ubuntu2.2
- krb5-k5tls - 1.13.2+dfsg-5ubuntu2.2
- krb5-kdc - 1.13.2+dfsg-5ubuntu2.2
- krb5-kdc-ldap - 1.13.2+dfsg-5ubuntu2.2
- krb5-locales - 1.13.2+dfsg-5ubuntu2.2
- krb5-multidev - 1.13.2+dfsg-5ubuntu2.2
- krb5-otp - 1.13.2+dfsg-5ubuntu2.2
- krb5-pkinit - 1.13.2+dfsg-5ubuntu2.2
- krb5-user - 1.13.2+dfsg-5ubuntu2.2
- libgssapi-krb5-2 - 1.13.2+dfsg-5ubuntu2.2
- libgssrpc4 - 1.13.2+dfsg-5ubuntu2.2
- libk5crypto3 - 1.13.2+dfsg-5ubuntu2.2
- libkadm5clnt-mit9 - 1.13.2+dfsg-5ubuntu2.2
- libkadm5srv-mit9 - 1.13.2+dfsg-5ubuntu2.2
- libkdb5-8 - 1.13.2+dfsg-5ubuntu2.2
- libkrad0 - 1.13.2+dfsg-5ubuntu2.2
- libkrb5-3 - 1.13.2+dfsg-5ubuntu2.2
- libkrb5support0 - 1.13.2+dfsg-5ubuntu2.2
Ubuntu 14.04
- krb5-admin-server - 1.12+dfsg-2ubuntu5.4+esm2
- krb5-kdc - 1.12+dfsg-2ubuntu5.4+esm2
- krb5-kdc-ldap - 1.12+dfsg-2ubuntu5.4+esm2
- krb5-locales - 1.12+dfsg-2ubuntu5.4+esm2
- krb5-multidev - 1.12+dfsg-2ubuntu5.4+esm2
- krb5-otp - 1.12+dfsg-2ubuntu5.4+esm2
- krb5-pkinit - 1.12+dfsg-2ubuntu5.4+esm2
- krb5-user - 1.12+dfsg-2ubuntu5.4+esm2
- libgssapi-krb5-2 - 1.12+dfsg-2ubuntu5.4+esm2
- libgssrpc4 - 1.12+dfsg-2ubuntu5.4+esm2
- libk5crypto3 - 1.12+dfsg-2ubuntu5.4+esm2
- libkadm5clnt-mit9 - 1.12+dfsg-2ubuntu5.4+esm2
- libkadm5srv-mit8 - 1.12+dfsg-2ubuntu5.4+esm2
- libkadm5srv-mit9 - 1.12+dfsg-2ubuntu5.4+esm2
- libkdb5-7 - 1.12+dfsg-2ubuntu5.4+esm2
- libkrad0 - 1.12+dfsg-2ubuntu5.4+esm2
- libkrb5-3 - 1.12+dfsg-2ubuntu5.4+esm2
- libkrb5support0 - 1.12+dfsg-2ubuntu5.4+esm2
In general, a standard system update will make all the necessary changes.