ALSA-2023:2570

[ALSA-2023:2570] Moderate: krb5 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2023-05-12

Description:

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

The following packages have been upgraded to a later upstream version: krb5 (1.20.1). (BZ#2016312)

Security Fix(es):

* Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	krb5-workstation-1.20.1-8.el9.aarch64.rpm	066965b78711a9836a412144b4363c7899ad808ef2d1786718371e3add22c658
aarch64	krb5-pkinit-1.20.1-8.el9.aarch64.rpm	1656dc3ef996df76f0f0625e1f9dff913bc7f9d13f89b1909feff15a99247648
aarch64	libkadm5-1.20.1-8.el9.aarch64.rpm	2ff20512514575f7bef9ccf57fa2fbb86874bf3b9e7332c9e602d695fa948f61
aarch64	krb5-server-1.20.1-8.el9.aarch64.rpm	3e35ec4206a60a8a3d622c8b180bd77cc5573718811b780cbeda5d4de8f6259b
aarch64	krb5-libs-1.20.1-8.el9.aarch64.rpm	6431276378999044f2cc23680e55c6c89e5c208f1643434c2a9557bba406612b
aarch64	krb5-devel-1.20.1-8.el9.aarch64.rpm	e5c6170702fb2b1750fe1e5d32f4fb3aaec377fc3f058c777bb8513a393554e4
aarch64	krb5-server-ldap-1.20.1-8.el9.aarch64.rpm	f1db96a17a44c1e004c01eb328bacbd06ea2e89b38d59ebc2a632dfb1634b02c
i686	krb5-devel-1.20.1-8.el9.i686.rpm	498187e418c061df242225f8959b8e868a6fc0491168d6a9f27254fb7fca0f15
i686	krb5-libs-1.20.1-8.el9.i686.rpm	50b56334189408a8c495f39df375ccbfd569c25c3a4fceabcd17aeb793d5eab7
i686	libkadm5-1.20.1-8.el9.i686.rpm	c736f4307fe3a40180044a475ff811a4b09f2773b610636c62f45f59aa5bb402
i686	krb5-server-1.20.1-8.el9.i686.rpm	ca71b2a8396a47653231e5ed64edb5606cf34c554628a1494148a3cb6b39bd70
i686	krb5-pkinit-1.20.1-8.el9.i686.rpm	e41dce27746799191b01cbd03d3e5bb920323a7f724ed4dc8bbc47296e0c61ce
i686	krb5-server-ldap-1.20.1-8.el9.i686.rpm	e768a5c87623a40197b57607825e6da16772acff5a6f24e503ae2d81b7904282
ppc64le	krb5-pkinit-1.20.1-8.el9.ppc64le.rpm	24be503263dbd7f3f8947f60c0ed185a833d388a27c36b8f3e6191ac037cad4d
ppc64le	krb5-server-1.20.1-8.el9.ppc64le.rpm	37f606f2b57748dca9aefb5c1393e4a4455ad50397676c20a4edaae090111b40
ppc64le	krb5-server-ldap-1.20.1-8.el9.ppc64le.rpm	3fa6690962cf4b95d0772a60453d4366c31e80aadb471a0288e1a85f63b7ac28
ppc64le	krb5-workstation-1.20.1-8.el9.ppc64le.rpm	5bd61290bbf6faff620b8300f08f64c1e667ad6de58962f8ec6701c22bb3af5b
ppc64le	libkadm5-1.20.1-8.el9.ppc64le.rpm	68c1aeeacc35f7f06425e654dfbc27b0ca5ac5903b39d78662e044c8d80f2e1c
ppc64le	krb5-devel-1.20.1-8.el9.ppc64le.rpm	cdcbb32bf2ba599e9666eafafdf529e5a6e906ef88693f9ff6a40fb64ecb92df
ppc64le	krb5-libs-1.20.1-8.el9.ppc64le.rpm	cfe693a088f404e97c233303544eac2a588f5d30a7e44fafebb6084b1b645a8c
s390x	krb5-pkinit-1.20.1-8.el9.s390x.rpm	04bb2c37d1232010c83bf08f45055db93f7ac17cf374b1649185566b17a421aa
s390x	krb5-devel-1.20.1-8.el9.s390x.rpm	074acb93a69fee1144b61e71432c54710cde44a4c1fdf025dec23d6043e6e386
s390x	krb5-server-1.20.1-8.el9.s390x.rpm	0f8198f3565800d1febc8adc7ab60512ed19da9fea0931025f18c1e9c6ac9f00
s390x	krb5-workstation-1.20.1-8.el9.s390x.rpm	6662683086f73e9d24be3f908780f826a4db486ff158b0c11a520e31b2b0182e
s390x	krb5-libs-1.20.1-8.el9.s390x.rpm	8aee12db2b06a65a70a0188cf3b7fa706d0b453b302d6b14105719a35d87ef32
s390x	libkadm5-1.20.1-8.el9.s390x.rpm	c2b28b6a8a8271a6774d6bba87e4e82406b2dae699c51b69cd17c21dcf395294
s390x	krb5-server-ldap-1.20.1-8.el9.s390x.rpm	fb0b2a2a986eac9881374d22c7c115add84afe0a8e74c95a23a6b6c9271e021f
x86_64	krb5-server-ldap-1.20.1-8.el9.x86_64.rpm	35757978d39079f0a9b848955efcb8558b2666d8cc2c2128562603350d2089dc
x86_64	krb5-libs-1.20.1-8.el9.x86_64.rpm	4b77ffdc152727fd1ec01e06b84075947bd3e12cf95d71db63f4792bf3306949
x86_64	krb5-server-1.20.1-8.el9.x86_64.rpm	6d050eb8ade1540399bf0d66a32ed18d4dbda626ab050fb03603338254996b89
x86_64	krb5-devel-1.20.1-8.el9.x86_64.rpm	71adc11b59284969b0053d4906052c362cb41d3f1bfb94883cfa5b9a4a1b1109
x86_64	krb5-workstation-1.20.1-8.el9.x86_64.rpm	b87ae67029b5bd07cd9dcd92501849a7a385ca1317339883097aa19147f51995
x86_64	krb5-pkinit-1.20.1-8.el9.x86_64.rpm	c87db19b1ea7921b0dad7752857faad82be330111856b14b4ee3f8dcee46f669
x86_64	libkadm5-1.20.1-8.el9.x86_64.rpm	db9b1043e0a4205718f6f080cf070115af8dd80740d78e5b634c54794458ed63

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.