-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2437-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 07, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : krb5 Version : 1.15-1+deb9u2 CVE ID : CVE-2020-28196 Debian Bug : #973880 It was discovered that there was a denial of service vulnerability in the MIT Kerberos network authentication system, krb5. The lack of a limit in the ASN.1 decoder could lead to infinite recursion and allow an attacker to overrun the stack and cause the process to crash. For Debian 9 "Stretch", this problem has been fixed in version 1.15-1+deb9u2. We recommend that you upgrade your krb5 packages. For the detailed security status of krb5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/krb5 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl+mlKoACgkQHpU+J9Qx HlgpLA//c/KRn+a4bAWlg6QhNCEJ79vD8oCBm9rB2eZC2yK4Wv+K0GQifYwom+mZ fDXSN9O68AoualGkacS0Tl894lTr/SgoGR/KOTpqHfph0MXxJi0oRjH6yGC49B8A Sbt1AG9lNGeibA2b/YO/D2gnmLSO81IX6ojIEbi5yl7KWHRZfsUJxpV9sDMbXFKB Zx/csrM8/j2xK3tq9usIIM3kFj1rKO/ajRW/GwoYPs6UkdgGTZx5ACpVYoXJDdJx q7Er0ZhN9ulEycTZ9EoAbfXoo9g5l/b/XisPO2TBugU+7612CsrwWajc+m5XGxMl tzsKtw33EEStiNAvG0RLYWYX+ISePQEVoFLWf+b4g1aMIHTquU9nuC1Et7ZF/Ab5 wE6uFI+o/Q4Ec9jeqRSrZLQqOpFPffGYZ3syznRhX8asqVmDC5JcIDxvNG+PCK5l K5stZks2rHyi8fB6wsOP1S7r1OPoIXAKNPyq9DxfGCnMHoYBpKTXkClBN9nhfyRa ms5Ei5uWXcgPvWS7REBDCTA4oiosdDq6BGLCMcD2BiuUeVZOGbJv941pe4fz0iWn qZDFeMXqyrMc19M/gc3y4ldOLgwJu/FmnD/Fgw5Uio78Ff/SUpRx4y19KUGMgO1m i7Zb9P9wsJeqsO+hclKrmV6iCHAwGrGYIzniXn1IlxDe5ZVURjM= =+BIC -----END PGP SIGNATURE-----
