USN-5828-1: Kerberos vulnerabilities
25 January 2023
Several security issues were fixed in Kerberos.
Releases
Packages
- krb5 - MIT Kerberos Network Authentication Protocol
Details
It was discovered that Kerberos incorrectly handled certain S4U2Self
requests. An attacker could possibly use this issue to cause a denial of
service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu
18.04 LTS. (CVE-2018-20217)
Greg Hudson discovered that Kerberos PAC implementation incorrectly
handled certain parsing operations. A remote attacker could use this
issue to cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-42898)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
-
krb5-user
-
1.20-1ubuntu0.1
-
libkdb5-10
-
1.20-1ubuntu0.1
-
libgssapi-krb5-2
-
1.20-1ubuntu0.1
-
krb5-kdc
-
1.20-1ubuntu0.1
-
krb5-admin-server
-
1.20-1ubuntu0.1
Ubuntu 22.04
-
krb5-user
-
1.19.2-2ubuntu0.1
-
libkdb5-10
-
1.19.2-2ubuntu0.1
-
libgssapi-krb5-2
-
1.19.2-2ubuntu0.1
-
krb5-kdc
-
1.19.2-2ubuntu0.1
-
krb5-admin-server
-
1.19.2-2ubuntu0.1
Ubuntu 20.04
-
libkdb5-9
-
1.17-6ubuntu4.2
-
krb5-user
-
1.17-6ubuntu4.2
-
libgssapi-krb5-2
-
1.17-6ubuntu4.2
-
krb5-kdc
-
1.17-6ubuntu4.2
-
krb5-admin-server
-
1.17-6ubuntu4.2
Ubuntu 18.04
-
libkdb5-9
-
1.16-2ubuntu0.3
-
krb5-user
-
1.16-2ubuntu0.3
-
libgssapi-krb5-2
-
1.16-2ubuntu0.3
-
krb5-kdc
-
1.16-2ubuntu0.3
-
krb5-admin-server
-
1.16-2ubuntu0.3
Ubuntu 16.04
-
krb5-user
-
1.13.2+dfsg-5ubuntu2.2+esm3
Available with Ubuntu Pro
-
libgssapi-krb5-2
-
1.13.2+dfsg-5ubuntu2.2+esm3
Available with Ubuntu Pro
-
krb5-kdc
-
1.13.2+dfsg-5ubuntu2.2+esm3
Available with Ubuntu Pro
-
libkdb5-8
-
1.13.2+dfsg-5ubuntu2.2+esm3
Available with Ubuntu Pro
-
krb5-admin-server
-
1.13.2+dfsg-5ubuntu2.2+esm3
Available with Ubuntu Pro
Ubuntu 14.04
-
krb5-user
-
1.12+dfsg-2ubuntu5.4+esm3
Available with Ubuntu Pro
-
libgssapi-krb5-2
-
1.12+dfsg-2ubuntu5.4+esm3
Available with Ubuntu Pro
-
krb5-kdc
-
1.12+dfsg-2ubuntu5.4+esm3
Available with Ubuntu Pro
-
libkdb5-7
-
1.12+dfsg-2ubuntu5.4+esm3
Available with Ubuntu Pro
-
krb5-admin-server
-
1.12+dfsg-2ubuntu5.4+esm3
Available with Ubuntu Pro
After a standard system update you need to restart any application
using Kerberos libraries to make all the necessary changes.
References
Related notices
- USN-5800-1: heimdal-docs, libotp0-heimdal, libgssapi3-heimdal, libwind0-heimdal, libhdb9-heimdal, libkrb5-26-heimdal, heimdal-servers-x, heimdal-clients-x, libsl0-heimdal, libkadm5clnt7-heimdal, heimdal-dev, heimdal-kcm, libheimbase1-heimdal, libhx509-5-heimdal, libkafs0-heimdal, libroken18-heimdal, heimdal, libkdc2-heimdal, heimdal-servers, libasn1-8-heimdal, libheimntlm0-heimdal, libhcrypto4-heimdal, heimdal-clients, heimdal-kdc, libkadm5srv8-heimdal, heimdal-multidev
- USN-5822-1: samba-common, samba-vfs-modules, python3-samba, python3-ldb-dev, smbclient, libsmbclient, libsmbclient-dev, samba-dsdb-modules, samba-common-bin, samba-dev, libldb2, samba-libs, libldb-dev, registry-tools, ldb-tools, libpam-winbind, winbind, libwbclient0, libwbclient-dev, ctdb, samba, samba-testsuite, libnss-winbind, python3-ldb
- USN-5936-1: samba-common, samba-vfs-modules, python3-samba, smbclient, libsmbclient, libsmbclient-dev, samba-dsdb-modules, samba-common-bin, samba-dev, samba-libs, registry-tools, libpam-winbind, winbind, libwbclient0, libwbclient-dev, ctdb, samba, samba-testsuite, libnss-winbind