Advisories » MGASA-2022-0467

Updated krb5 packages fix security vulnerability

Publication date: 17 Dec 2022
Modification date: 17 Dec 2022
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-42898

Description

Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5,
the MIT implementation of Kerberos, which may result in remote code
execution (in a KDC, kadmin, or GSS or Kerberos application server
process), information exposure (to a cross-realm KDC acting maliciously),
or denial of service (KDC or kadmind process crash).

References

SRPMS

8/core