openSUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:0854-1
Rating: moderate
References: #1057662 #1081725 #1083926 #1083927
Cross-References: CVE-2018-5729 CVE-2018-5730
Affected Products: openSUSE Leap 42.3
______________________________________________________________________________
An update that solves two vulnerabilities and has two fixes is now available.
Description:
This update for krb5 provides the following fixes:
Security issues fixed:
- CVE-2018-5730: DN container check bypass by supplying specially crafted data (bsc#1083927).
- CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying specially crafted data (bsc#1083926).
Non-security issues fixed:
- Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issue may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective in the application startup script. (bsc#1057662)
- Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in the gss_indicate_mech() list. (bsc#1081725)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-328=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
krb5-1.12.5-16.1
krb5-client-1.12.5-16.1
krb5-client-debuginfo-1.12.5-16.1
krb5-debuginfo-1.12.5-16.1
krb5-debugsource-1.12.5-16.1
krb5-devel-1.12.5-16.1
krb5-doc-1.12.5-16.1
krb5-mini-1.12.5-16.1
krb5-mini-debuginfo-1.12.5-16.1
krb5-mini-debugsource-1.12.5-16.1
krb5-mini-devel-1.12.5-16.1
krb5-plugin-kdb-ldap-1.12.5-16.1
krb5-plugin-kdb-ldap-debuginfo-1.12.5-16.1
krb5-plugin-preauth-otp-1.12.5-16.1
krb5-plugin-preauth-otp-debuginfo-1.12.5-16.1
krb5-plugin-preauth-pkinit-1.12.5-16.1
krb5-plugin-preauth-pkinit-debuginfo-1.12.5-16.1
krb5-server-1.12.5-16.1
krb5-server-debuginfo-1.12.5-16.1
- openSUSE Leap 42.3 (x86_64):
krb5-32bit-1.12.5-16.1
krb5-debuginfo-32bit-1.12.5-16.1
krb5-devel-32bit-1.12.5-16.1
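To verify that a Leap 42.3 host actually carries the fixed krb5 packages listed above, the following added example (not part of the advisory or of openSUSE's tooling) compares installed version-release pairs against 1.12.5-16.1. The sample input is a constructed `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` listing, and the comparison is a simplified numeric split rather than the full rpmvercmp algorithm; on a real host, `zypper patch` remains the authoritative check.

```python
"""Report krb5 packages older than the fix in openSUSE-SU-2018:0854-1."""
import re

# Fixed version and release taken from the advisory's package list.
FIXED_VERSION = "1.12.5"
FIXED_RELEASE = "16.1"

# Binary packages the advisory lists for openSUSE Leap 42.3 (debuginfo omitted).
ADVISORY_PACKAGES = {
    "krb5", "krb5-client", "krb5-devel", "krb5-doc", "krb5-mini",
    "krb5-mini-devel", "krb5-plugin-kdb-ldap", "krb5-plugin-preauth-otp",
    "krb5-plugin-preauth-pkinit", "krb5-server", "krb5-32bit", "krb5-devel-32bit",
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` output:
# one package at the fixed release, one still behind it, one unrelated package.
SAMPLE_RPM_OUTPUT = """\
krb5 1.12.5 16.1
krb5-client 1.12.5 15.1
krb5-plugin-kdb-ldap 1.12.5 16.1
openssl 1.0.2j 60.30.1
"""


def version_key(text):
    """Split '1.12.5' or '16.1' into a tuple that compares numerically per
    segment, so that release 9.1 sorts below 16.1 (string order would not)."""
    return tuple((0, int(seg)) if seg.isdigit() else (1, seg)
                 for seg in re.split(r"[.\-_+~]", text))


def is_patched(version, release):
    """True when version-release is at or above the advisory's fixed level."""
    installed = (version_key(version), version_key(release))
    fixed = (version_key(FIXED_VERSION), version_key(FIXED_RELEASE))
    return installed >= fixed


def find_vulnerable(rpm_output):
    """Return sorted 'name-version-release' strings for advisory packages
    whose installed level is older than the fix; other packages are ignored."""
    vulnerable = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        name, version, release = parts
        if name in ADVISORY_PACKAGES and not is_patched(version, release):
            vulnerable.append(f"{name}-{version}-{release}")
    return sorted(vulnerable)


if __name__ == "__main__":
    for pkg in find_vulnerable(SAMPLE_RPM_OUTPUT):
        print("needs update:", pkg)
```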
References:
https://www.suse.com/security/cve/CVE-2018-5729.html
https://www.suse.com/security/cve/CVE-2018-5730.html
https://bugzilla.suse.com/1057662
https://bugzilla.suse.com/1081725
https://bugzilla.suse.com/1083926
https://bugzilla.suse.com/1083927