Denial of Service in krb5
ID: | FEDORA-2018-7db7ccda4d |
Distribution: | Fedora |
Plattformen: | Fedora 29 |
Datum: | Mo, 24. Dezember 2018, 09:34 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217 |
Applikationen: | MIT Kerberos |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-7db7ccda4d 2018-12-24 06:06:55.202771 -------------------------------------------------------------------------------- Name : krb5 Product : Fedora 29 Version : 1.16.1 Release : 22.fc29 URL : http://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. -------------------------------------------------------------------------------- Update Information: Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.) -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 20 2018 Robbie Harwood |