SUSE-SU-2018:1425-1: moderate: Security update for krb5
sle-security-updates at lists.suse.com
Fri May 25 10:08:18 MDT 2018
SUSE Security Update: Security update for krb5
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:1425-1
Rating: moderate
References: #1054028 #1055851 #1081725
Cross-References: CVE-2017-7562
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for krb5 provides the following fixes:
Security issues fixed:
- CVE-2017-7562: Improper validation of certificate EKU and SAN could lead
to authentication bypass. (bsc#1055851)
Non-security issues fixed:
- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in
order to improve client security in handling service principal names.
(bsc#1054028)
- Fix a GSS failure in legacy applications by not indicating deprecated
GSS mechanisms in gss_indicate_mech() list. (bsc#1081725)
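An added example, not part of the SUSE announcement: a shell check for the krb5.conf change listed above (bsc#1054028), reporting whether "rdns" and "dns_canonicalize_hostname" are explicitly false in [libdefaults]. The helper name check_krb5_hardening and the sample file are constructed for illustration; the check reads a single file and does not follow include/includedir directives.

```shell
#!/bin/sh
# Added example, not SUSE's code. Assumes a single krb5.conf-style file;
# include/includedir directives are not followed.

# check_krb5_hardening FILE (hypothetical helper name)
# Returns 0 only if both keys are explicitly false in [libdefaults].
check_krb5_hardening() {
    awk '
        BEGIN {
            want["rdns"] = 1; want["dns_canonicalize_hostname"] = 1
            # strings the krb5 profile parser treats as boolean false
            n = split("n no false nil 0 off", f, " ")
            for (i = 1; i <= n; i++) is_false[f[i]] = 1
        }
        /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
        /^[ \t]*\[/ {                          # section header
            in_ld = ($0 ~ /^[ \t]*\[libdefaults\][ \t\r]*$/)
            next
        }
        in_ld && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (!(key in want)) next
            seen[key] = 1
            # conservative: any non-false occurrence fails the key
            lv = tolower(val)
            if (!(lv in is_false)) bad[key] = val
        }
        END {
            rc = 0
            for (k in want) {
                if (!(k in seen)) { print k ": unset (MIT krb5 default: true)"; rc = 1 }
                else if (k in bad) { print k ": " bad[k] " (expected false)"; rc = 1 }
                else print k ": false"
            }
            exit rc
        }
    ' "$1"
}

# Constructed sample: rdns is set, dns_canonicalize_hostname is missing.
sample=$(mktemp)
printf '[libdefaults]\n  default_realm = EXAMPLE.COM\n  rdns = false\n' > "$sample"
check_krb5_hardening "$sample" || echo "=> not hardened"
rm -f "$sample"
```

On a patched host, run the function against /etc/krb5.conf; a non-zero exit means at least one of the two keys is unset or not false.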
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12-SP1:
zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-983=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-983=1
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2018-983=1
Package List:
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
krb5-1.12.1-38.5.3
krb5-client-1.12.1-38.5.3
krb5-client-debuginfo-1.12.1-38.5.3
krb5-debuginfo-1.12.1-38.5.3
krb5-debugsource-1.12.1-38.5.3
krb5-doc-1.12.1-38.5.3
krb5-plugin-kdb-ldap-1.12.1-38.5.3
krb5-plugin-kdb-ldap-debuginfo-1.12.1-38.5.3
krb5-plugin-preauth-otp-1.12.1-38.5.3
krb5-plugin-preauth-otp-debuginfo-1.12.1-38.5.3
krb5-plugin-preauth-pkinit-1.12.1-38.5.3
krb5-plugin-preauth-pkinit-debuginfo-1.12.1-38.5.3
krb5-server-1.12.1-38.5.3
krb5-server-debuginfo-1.12.1-38.5.3
- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
krb5-32bit-1.12.1-38.5.3
krb5-debuginfo-32bit-1.12.1-38.5.3
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
krb5-1.12.1-38.5.3
krb5-client-1.12.1-38.5.3
krb5-client-debuginfo-1.12.1-38.5.3
krb5-debuginfo-1.12.1-38.5.3
krb5-debugsource-1.12.1-38.5.3
krb5-doc-1.12.1-38.5.3
krb5-plugin-kdb-ldap-1.12.1-38.5.3
krb5-plugin-kdb-ldap-debuginfo-1.12.1-38.5.3
krb5-plugin-preauth-otp-1.12.1-38.5.3
krb5-plugin-preauth-otp-debuginfo-1.12.1-38.5.3
krb5-plugin-preauth-pkinit-1.12.1-38.5.3
krb5-plugin-preauth-pkinit-debuginfo-1.12.1-38.5.3
krb5-server-1.12.1-38.5.3
krb5-server-debuginfo-1.12.1-38.5.3
- SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
krb5-32bit-1.12.1-38.5.3
krb5-debuginfo-32bit-1.12.1-38.5.3
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
krb5-1.12.1-38.5.3
krb5-client-1.12.1-38.5.3
krb5-client-debuginfo-1.12.1-38.5.3
krb5-debuginfo-1.12.1-38.5.3
krb5-debugsource-1.12.1-38.5.3
krb5-doc-1.12.1-38.5.3
krb5-plugin-kdb-ldap-1.12.1-38.5.3
krb5-plugin-kdb-ldap-debuginfo-1.12.1-38.5.3
krb5-plugin-preauth-otp-1.12.1-38.5.3
krb5-plugin-preauth-otp-debuginfo-1.12.1-38.5.3
krb5-plugin-preauth-pkinit-1.12.1-38.5.3
krb5-plugin-preauth-pkinit-debuginfo-1.12.1-38.5.3
krb5-server-1.12.1-38.5.3
krb5-server-debuginfo-1.12.1-38.5.3
- SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
krb5-32bit-1.12.1-38.5.3
krb5-debuginfo-32bit-1.12.1-38.5.3
References:
https://www.suse.com/security/cve/CVE-2017-7562.html
https://bugzilla.suse.com/1054028
https://bugzilla.suse.com/1055851
https://bugzilla.suse.com/1081725