USN-4635-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4635-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4635-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4635-1
Related
Published
2020-11-17T13:35:56.675240Z
Modified
2020-11-17T13:35:56.675240Z
Summary
krb5 vulnerability
Details

Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1. An attacker could possibly use this issue to cause a denial of service.

References

Affected packages

Ubuntu:20.04:LTS / krb5

Package

Name
krb5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.17-6ubuntu4.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libk5crypto3": "1.17-6ubuntu4.1",
            "libkdb5-9": "1.17-6ubuntu4.1",
            "libkadm5clnt-mit11": "1.17-6ubuntu4.1",
            "krb5-kpropd": "1.17-6ubuntu4.1",
            "libkadm5srv-mit11": "1.17-6ubuntu4.1",
            "krb5-multidev": "1.17-6ubuntu4.1",
            "krb5-kdc": "1.17-6ubuntu4.1",
            "krb5-gss-samples": "1.17-6ubuntu4.1",
            "krb5-admin-server": "1.17-6ubuntu4.1",
            "krb5-otp": "1.17-6ubuntu4.1",
            "krb5-user": "1.17-6ubuntu4.1",
            "krb5-locales": "1.17-6ubuntu4.1",
            "libkrb5support0": "1.17-6ubuntu4.1",
            "libgssrpc4": "1.17-6ubuntu4.1",
            "krb5-pkinit": "1.17-6ubuntu4.1",
            "libkrb5-dev": "1.17-6ubuntu4.1",
            "krb5-doc": "1.17-6ubuntu4.1",
            "libgssapi-krb5-2": "1.17-6ubuntu4.1",
            "krb5-k5tls": "1.17-6ubuntu4.1",
            "libkrad0": "1.17-6ubuntu4.1",
            "libkrb5-3": "1.17-6ubuntu4.1",
            "libkrad-dev": "1.17-6ubuntu4.1",
            "krb5-kdc-ldap": "1.17-6ubuntu4.1"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / krb5

Package

Name
krb5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12+dfsg-2ubuntu5.4+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libk5crypto3": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-kdc-ldap": "1.12+dfsg-2ubuntu5.4+esm2",
            "libkdb5-7": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-multidev": "1.12+dfsg-2ubuntu5.4+esm2",
            "libkadm5srv-mit9": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-gss-samples": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-kdc": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-admin-server": "1.12+dfsg-2ubuntu5.4+esm2",
            "libkadm5clnt-mit9": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-otp": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-user": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-locales": "1.12+dfsg-2ubuntu5.4+esm2",
            "libkrb5support0": "1.12+dfsg-2ubuntu5.4+esm2",
            "libgssrpc4": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-pkinit": "1.12+dfsg-2ubuntu5.4+esm2",
            "libkrb5-dev": "1.12+dfsg-2ubuntu5.4+esm2",
            "krb5-doc": "1.12+dfsg-2ubuntu5.4+esm2",
            "libgssapi-krb5-2": "1.12+dfsg-2ubuntu5.4+esm2",
            "libkrad0": "1.12+dfsg-2ubuntu5.4+esm2",
            "libkrb5-3": "1.12+dfsg-2ubuntu5.4+esm2",
            "libkrad-dev": "1.12+dfsg-2ubuntu5.4+esm2",
            "libkadm5srv-mit8": "1.12+dfsg-2ubuntu5.4+esm2"
        }
    ]
}

Ubuntu:18.04:LTS / krb5

Package

Name
krb5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.16-2ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libk5crypto3": "1.16-2ubuntu0.2",
            "libkdb5-9": "1.16-2ubuntu0.2",
            "libkadm5clnt-mit11": "1.16-2ubuntu0.2",
            "krb5-kpropd": "1.16-2ubuntu0.2",
            "libkadm5srv-mit11": "1.16-2ubuntu0.2",
            "krb5-multidev": "1.16-2ubuntu0.2",
            "krb5-kdc": "1.16-2ubuntu0.2",
            "krb5-gss-samples": "1.16-2ubuntu0.2",
            "krb5-admin-server": "1.16-2ubuntu0.2",
            "krb5-otp": "1.16-2ubuntu0.2",
            "krb5-user": "1.16-2ubuntu0.2",
            "krb5-locales": "1.16-2ubuntu0.2",
            "libkrb5support0": "1.16-2ubuntu0.2",
            "libgssrpc4": "1.16-2ubuntu0.2",
            "krb5-pkinit": "1.16-2ubuntu0.2",
            "libkrb5-dev": "1.16-2ubuntu0.2",
            "krb5-doc": "1.16-2ubuntu0.2",
            "libgssapi-krb5-2": "1.16-2ubuntu0.2",
            "krb5-k5tls": "1.16-2ubuntu0.2",
            "libkrad0": "1.16-2ubuntu0.2",
            "libkrb5-3": "1.16-2ubuntu0.2",
            "libkrad-dev": "1.16-2ubuntu0.2",
            "krb5-kdc-ldap": "1.16-2ubuntu0.2"
        }
    ]
}

Ubuntu:16.04:LTS / krb5

Package

Name
krb5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.2+dfsg-5ubuntu2.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libk5crypto3": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-multidev": "1.13.2+dfsg-5ubuntu2.2",
            "libkadm5srv-mit9": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-gss-samples": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-kdc": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-admin-server": "1.13.2+dfsg-5ubuntu2.2",
            "libkadm5clnt-mit9": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-otp": "1.13.2+dfsg-5ubuntu2.2",
            "libkdb5-8": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-user": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-locales": "1.13.2+dfsg-5ubuntu2.2",
            "libkrb5support0": "1.13.2+dfsg-5ubuntu2.2",
            "libgssrpc4": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-pkinit": "1.13.2+dfsg-5ubuntu2.2",
            "libkrb5-dev": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-doc": "1.13.2+dfsg-5ubuntu2.2",
            "libgssapi-krb5-2": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-k5tls": "1.13.2+dfsg-5ubuntu2.2",
            "krb5-kdc-ldap": "1.13.2+dfsg-5ubuntu2.2",
            "libkrb5-3": "1.13.2+dfsg-5ubuntu2.2",
            "libkrad-dev": "1.13.2+dfsg-5ubuntu2.2",
            "libkrad0": "1.13.2+dfsg-5ubuntu2.2"
        }
    ]
}