Bug 2140960 (CVE-2022-42898)

Summary: CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abokovoy, anoopcs, arachman, asn, dkarpele, fdvorak, gdeschner, jarrpa, jburrell, jplans, jrische, kyoshida, lveyde, michal.skrivanek, mperina, mpolovka, nalin, pfilipen, rhs-smb, sbose, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: krb5 1.20.1, krb5 1.19.4 Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-15 17:18:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2140961, 2140962, 2140963, 2140964, 2140965, 2140966, 2140967, 2140968, 2140969, 2140970, 2140971, 2142753, 2143009, 2143010, 2143011, 2143115, 2143116, 2143117, 2143118, 2143119, 2143120, 2143121, 2143122, 2143145    
Bug Blocks: 2140956    

Description Sandipan Roy 2022-11-08 09:13:39 UTC 
Three integer overflow vulnerabilities have been discovered in the MIT krb5 library function krb5_parse_pac()
Comment 4 Zack Miele 2022-11-15 19:31:19 UTC 
Created krb5 tracking bugs for this issue:

Affects: fedora-35 [bug 2143009]
Affects: fedora-36 [bug 2143010]
Comment 5 Zack Miele 2022-11-15 19:33:21 UTC 
Created krb5 tracking bugs for this issue:

Affects: fedora-37 [bug 2143011]
Comment 6 Sandipan Roy 2022-11-16 05:22:45 UTC 
Created freeipa tracking bugs for this issue:

Affects: fedora-35 [bug 2143118]
Affects: fedora-36 [bug 2143119]
Affects: fedora-37 [bug 2143120]


Created samba tracking bugs for this issue:

Affects: fedora-35 [bug 2143115]
Affects: fedora-36 [bug 2143116]
Affects: fedora-37 [bug 2143117]
Comment 10 errata-xmlrpc 2022-11-28 09:23:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8637 https://access.redhat.com/errata/RHSA-2022:8637
Comment 11 errata-xmlrpc 2022-11-28 09:28:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:8638 https://access.redhat.com/errata/RHSA-2022:8638
Comment 12 errata-xmlrpc 2022-11-28 09:44:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:8639 https://access.redhat.com/errata/RHSA-2022:8639
Comment 13 errata-xmlrpc 2022-11-28 09:52:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:8641 https://access.redhat.com/errata/RHSA-2022:8641
Comment 14 errata-xmlrpc 2022-11-28 09:56:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:8640 https://access.redhat.com/errata/RHSA-2022:8640
Comment 15 errata-xmlrpc 2022-11-28 10:41:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:8648 https://access.redhat.com/errata/RHSA-2022:8648
Comment 16 errata-xmlrpc 2022-11-29 08:39:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:8662 https://access.redhat.com/errata/RHSA-2022:8662
Comment 17 errata-xmlrpc 2022-11-29 08:49:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:8663 https://access.redhat.com/errata/RHSA-2022:8663
Comment 18 errata-xmlrpc 2022-11-29 12:54:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8669 https://access.redhat.com/errata/RHSA-2022:8669
Comment 19 errata-xmlrpc 2022-12-14 14:16:37 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:9029 https://access.redhat.com/errata/RHSA-2022:9029
Comment 20 Product Security DevOps Team 2022-12-15 17:18:31 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-42898