NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6a0f7c39bc
kumquat-buildroot/package/libkrb5/libkrb5.hash
Peter Korsgaard f93c47fad8 package/libkrb5: security bump to version 1.20.1 
Fixes the following security issue:

CVE-2022-42898: In MIT krb5 releases 1.8 and later, an authenticated
attacker may be able to cause a KDC or kadmind process to crash by reading
beyond the bounds of allocated memory, creating a denial of service.  A
privileged attacker may similarly be able to cause a Kerberos or GSS
application service to crash.  On 32-bit platforms, an attacker can also
cause insufficient memory to be allocated for the result, potentially
leading to remote code execution in a KDC, kadmind, or GSS or Kerberos
application server process.  An attacker with the privileges of a
cross-realm KDC may be able to extract secrets from a KDC process's memory
by having them copied into the PAC of a new ticket.

Bugfix tarballs are located in the same directory as the base version, so
introduce LIBKRB5_VERSION_MAJOR.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-24 15:36:04 +01:00

6 lines
250 B
Plaintext
Raw Blame History

# Locally calculated after checking pgp signature
sha256 704aed49b19eb5a7178b34b2873620ec299db08752d6a8574f95d41879ab8851 krb5-1.20.1.tar.gz
# Hash for license file:
sha256 cfadcf7b2ead2f3af793c25c00638c9908ac0023b101695f40cb9a03b16811dc NOTICE
Reference in New Issue View Git Blame Copy Permalink