[SECURITY] [DLA 2437-1] krb5 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2437-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
November 07, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : krb5
Version : 1.15-1+deb9u2
CVE ID : CVE-2020-28196
Debian Bug : #973880
It was discovered that there was a denial of service vulnerability in
the MIT Kerberos network authentication system, krb5. The lack of a
limit in the ASN.1 decoder could lead to infinite recursion and allow
an attacker to overrun the stack and cause the process to crash.
For Debian 9 "Stretch", this problem has been fixed in version
1.15-1+deb9u2.
We recommend that you upgrade your krb5 packages.
For the detailed security status of krb5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/krb5
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl+mlKoACgkQHpU+J9Qx
HlgpLA//c/KRn+a4bAWlg6QhNCEJ79vD8oCBm9rB2eZC2yK4Wv+K0GQifYwom+mZ
fDXSN9O68AoualGkacS0Tl894lTr/SgoGR/KOTpqHfph0MXxJi0oRjH6yGC49B8A
Sbt1AG9lNGeibA2b/YO/D2gnmLSO81IX6ojIEbi5yl7KWHRZfsUJxpV9sDMbXFKB
Zx/csrM8/j2xK3tq9usIIM3kFj1rKO/ajRW/GwoYPs6UkdgGTZx5ACpVYoXJDdJx
q7Er0ZhN9ulEycTZ9EoAbfXoo9g5l/b/XisPO2TBugU+7612CsrwWajc+m5XGxMl
tzsKtw33EEStiNAvG0RLYWYX+ISePQEVoFLWf+b4g1aMIHTquU9nuC1Et7ZF/Ab5
wE6uFI+o/Q4Ec9jeqRSrZLQqOpFPffGYZ3syznRhX8asqVmDC5JcIDxvNG+PCK5l
K5stZks2rHyi8fB6wsOP1S7r1OPoIXAKNPyq9DxfGCnMHoYBpKTXkClBN9nhfyRa
ms5Ei5uWXcgPvWS7REBDCTA4oiosdDq6BGLCMcD2BiuUeVZOGbJv941pe4fz0iWn
qZDFeMXqyrMc19M/gc3y4ldOLgwJu/FmnD/Fgw5Uio78Ff/SUpRx4y19KUGMgO1m
i7Zb9P9wsJeqsO+hclKrmV6iCHAwGrGYIzniXn1IlxDe5ZVURjM=
=+BIC
-----END PGP SIGNATURE-----
Reply to: