ELSA-2023-2570 - krb5 security, bug fix, and enhancement update

Type: SECURITY
Impact: MODERATE
Release Date: 2023-05-15

Description


[1.20.1-8.0.1]
- Fixed race condition in krb5_set_password() [Orabug: 33609767]

[1.20.1-8]
- Fix datetime parsing in kadmin on s390x
- Resolves: rhbz#2169985

[1.20.1-7]
- Fix double free on kdb5_util key creation failure
- Resolves: rhbz#2166603

[1.20.1-6]
- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
- Resolves: rhbz#2165827

[1.20.1-5]
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
- Resolves: rhbz#2162461

[1.20.1-4]
- Set aes256-cts-hmac-sha384-192 as EXAMPLE.COM master key in kdc.conf
- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf
- Resolves: rhbz#2068535

[1.20.1-2]
- Strip debugging data from ksu executable file
- Resolves: rhbz#2159643

[1.20.1-1]
- Make tests compatible with sssd-client
- Resolves: rhbz#2151513
- Remove invalid password expiry warning
- Resolves: rhbz#2121099
- Update error checking for OpenSSL CMS_verify
- Resolves: rhbz#2063838
- New upstream version (1.20.1)
- Resolves: rhbz#2016312
- Fix integer overflows in PAC parsing (CVE-2022-42898)
- Resolves: rhbz#2140971

[1.19.1-23]
- Fix kprop for propagating dump files larger than 4GB
- Resolves: rhbz#2133014

[1.19.1-22]
- Restore 'supportedCMSTypes' attribute in PKINIT preauth requests
- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms
- Resolves: rhbz#2068935

[1.19.1-21]
- Fix libkrad client cleanup
- Allow use of larger RADIUS attributes in krad library
- Resolves: rhbz#2100351

[1.19.1-20]
- Fix OpenSSL 3 MD5 encryption in FIPS mode
- Allow libkrad UDP/TCP connection to localhost in FIPS mode
- Resolves: rhbz#2068458

[1.19.1-19]
- Use p11-kit as default PKCS11 module
- Resolves: rhbz#2030981

[1.19.1-18]
- Try harder to avoid password change replay errors
- Resolves: rhbz#2075186

[1.19.1-15]
- Use SHA-256 instead of SHA-1 for PKINIT CMS digest

[1.19.1-14]
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode

[1.19.1-13]
- Remove -specs= from krb5-config output
- Resolves: #1997021

[1.19.1-12]
- Fix KDC null deref on TGS inner body null server (CVE-2021-37750)
- Resolves: #1997602

[1.19.1-11.1]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Related: rhbz#1991688

[1.19.1-11]
- Fix KDC null deref on bad encrypted challenge (CVE-2021-36222)
- Resolves: #1983733

[1.19.1-10]
- Update OpenSSL 3 provider handling to clean up properly
- Resolves: #1955873

[1.19.1-9]
- Sync openssl3 patches with upstream
- Resolves: #1955873

[1.19.1-8]
- Rebuild for rpminspect and mass rebuild cleanup; no code changes
- Resolves: #1967505

[1.19.1-7]
- Fix several fallback canonicalization problems
- Resolves: #1967505

[1.19.1-6.1]
- Rebuilt for RHEL 9 BETA for openssl 3.0
- Resolves: rhbz#1971065

[1.19.1-6]
- Backport KCM retrieval fixes
- Resolves: #1956403

[1.19.1-5]
- Fix DES3 mention in KDFs
- Resolves: #1955873

[1.19.1-4]
- Port to OpenSSL 3 (alpha 15)
- Resolves: #1955873

[1.19.1-3.1]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937


Related CVEs


CVE-2020-17049

Updated Packages





This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
