Kerberos Security Advisory USN-6947-1: Mitigate Denial of Service Vulnerabilities
Summary
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Kerberos could be made to crash if it received specially crafted input.

Software Description:
- krb5: MIT Kerberos Network Authentication Protocol

Details:
It was discovered that Kerberos incorrectly handled GSS message tokens where an unwrapped token could appear to be truncated. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-37370)

It was discovered that Kerberos incorrectly handled GSS message tokens when sent a token with invalid length fields. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-37371)

Both issues are in the GSSAPI krb5 mechanism's token unwrapping, so the process at risk is whichever one consumes the crafted token: any service or client linked against libgssapi-krb5-2 (for example sshd with GSSAPI authentication, or SASL/GSSAPI clients), not only the KDC.
Update Instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  krb5-admin-server 1.20.1-6ubuntu2.1
  krb5-kdc 1.20.1-6ubuntu2.1
  krb5-kdc-ldap 1.20.1-6ubuntu2.1
  krb5-otp 1.20.1-6ubuntu2.1
  krb5-pkinit 1.20.1-6ubuntu2.1
  krb5-user 1.20.1-6ubuntu2.1
  libgssapi-krb5-2 1.20.1-6ubuntu2.1
  libgssrpc4t64 1.20.1-6ubuntu2.1
  libk5crypto3 1.20.1-6ubuntu2.1
  libkadm5clnt-mit12 1.20.1-6ubuntu2.1
  libkadm5srv-mit12 1.20.1-6ubuntu2.1
  libkdb5-10t64 1.20.1-6ubuntu2.1
  libkrad0 1.20.1-6ubuntu2.1
  libkrb5-3 1.20.1-6ubuntu2.1
  libkrb5support0 1.20.1-6ubuntu2.1

Ubuntu 22.04 LTS
  krb5-admin-server 1.19.2-2ubuntu0.4
  krb5-kdc 1.19.2-2ubuntu0.4
  krb5-kdc-ldap 1.19.2-2ubuntu0.4
  krb5-otp 1.19.2-2ubuntu0.4
  krb5-pkinit 1.19.2-2ubuntu0.4
  krb5-user 1.19.2-2ubuntu0.4
  libgssapi-krb5-2 1.19.2-2ubuntu0.4
  libgssrpc4 1.19.2-2ubuntu0.4
  libk5crypto3 1.19.2-2ubuntu0.4
  libkadm5clnt-mit12 1.19.2-2ubuntu0.4
  libkadm5srv-mit12 1.19.2-2ubuntu0.4
  libkdb5-10 1.19.2-2ubuntu0.4
  libkrad0 1.19.2-2ubuntu0.4
  libkrb5-3 1.19.2-2ubuntu0.4
  libkrb5support0 1.19.2-2ubuntu0.4

Ubuntu 20.04 LTS
  krb5-admin-server 1.17-6ubuntu4.6
  krb5-kdc 1.17-6ubuntu4.6
  krb5-kdc-ldap 1.17-6ubuntu4.6
  krb5-otp 1.17-6ubuntu4.6
  krb5-pkinit 1.17-6ubuntu4.6
  krb5-user 1.17-6ubuntu4.6
  libgssapi-krb5-2 1.17-6ubuntu4.6
  libgssrpc4 1.17-6ubuntu4.6
  libk5crypto3 1.17-6ubuntu4.6
  libkadm5clnt-mit11 1.17-6ubuntu4.6
  libkadm5srv-mit11 1.17-6ubuntu4.6
  libkdb5-9 1.17-6ubuntu4.6
  libkrad0 1.17-6ubuntu4.6
  libkrb5-3 1.17-6ubuntu4.6
  libkrb5support0 1.17-6ubuntu4.6

Ubuntu 18.04 LTS (all packages: Available with Ubuntu Pro)
  krb5-admin-server 1.16-2ubuntu0.4+esm2
  krb5-kdc 1.16-2ubuntu0.4+esm2
  krb5-kdc-ldap 1.16-2ubuntu0.4+esm2
  krb5-otp 1.16-2ubuntu0.4+esm2
  krb5-pkinit 1.16-2ubuntu0.4+esm2
  krb5-user 1.16-2ubuntu0.4+esm2
  libgssapi-krb5-2 1.16-2ubuntu0.4+esm2
  libgssrpc4 1.16-2ubuntu0.4+esm2
  libk5crypto3 1.16-2ubuntu0.4+esm2
  libkadm5clnt-mit11 1.16-2ubuntu0.4+esm2
  libkadm5srv-mit11 1.16-2ubuntu0.4+esm2
  libkdb5-9 1.16-2ubuntu0.4+esm2
  libkrad0 1.16-2ubuntu0.4+esm2
  libkrb5-3 1.16-2ubuntu0.4+esm2
  libkrb5support0 1.16-2ubuntu0.4+esm2

Ubuntu 16.04 LTS (all packages: Available with Ubuntu Pro)
  krb5-admin-server 1.13.2+dfsg-5ubuntu2.2+esm5
  krb5-kdc 1.13.2+dfsg-5ubuntu2.2+esm5
  krb5-kdc-ldap 1.13.2+dfsg-5ubuntu2.2+esm5
  krb5-otp 1.13.2+dfsg-5ubuntu2.2+esm5
  krb5-pkinit 1.13.2+dfsg-5ubuntu2.2+esm5
  krb5-user 1.13.2+dfsg-5ubuntu2.2+esm5
  libgssapi-krb5-2 1.13.2+dfsg-5ubuntu2.2+esm5
  libgssrpc4 1.13.2+dfsg-5ubuntu2.2+esm5
  libk5crypto3 1.13.2+dfsg-5ubuntu2.2+esm5
  libkadm5clnt-mit9 1.13.2+dfsg-5ubuntu2.2+esm5
  libkadm5srv-mit9 1.13.2+dfsg-5ubuntu2.2+esm5
  libkdb5-8 1.13.2+dfsg-5ubuntu2.2+esm5
  libkrad0 1.13.2+dfsg-5ubuntu2.2+esm5
  libkrb5-3 1.13.2+dfsg-5ubuntu2.2+esm5
  libkrb5support0 1.13.2+dfsg-5ubuntu2.2+esm5

Ubuntu 14.04 LTS (all packages: Available with Ubuntu Pro)
  krb5-admin-server 1.12+dfsg-2ubuntu5.4+esm5
  krb5-kdc 1.12+dfsg-2ubuntu5.4+esm5
  krb5-kdc-ldap 1.12+dfsg-2ubuntu5.4+esm5
  krb5-otp 1.12+dfsg-2ubuntu5.4+esm5
  krb5-pkinit 1.12+dfsg-2ubuntu5.4+esm5
  krb5-user 1.12+dfsg-2ubuntu5.4+esm5
  libgssapi-krb5-2 1.12+dfsg-2ubuntu5.4+esm5
  libgssrpc4 1.12+dfsg-2ubuntu5.4+esm5
  libk5crypto3 1.12+dfsg-2ubuntu5.4+esm5
  libkadm5clnt-mit9 1.12+dfsg-2ubuntu5.4+esm5
  libkadm5srv-mit8 1.12+dfsg-2ubuntu5.4+esm5
  libkadm5srv-mit9 1.12+dfsg-2ubuntu5.4+esm5
  libkdb5-7 1.12+dfsg-2ubuntu5.4+esm5
  libkrad0 1.12+dfsg-2ubuntu5.4+esm5
  libkrb5-3 1.12+dfsg-2ubuntu5.4+esm5
  libkrb5support0 1.12+dfsg-2ubuntu5.4+esm5

In general, a standard system update will make all the necessary changes. Because the fix lands in shared libraries (libgssapi-krb5-2, libkrb5-3), long-running processes that already have the old copies mapped (sshd, slapd, Samba, anything using SASL/GSSAPI) keep running the vulnerable code until they are restarted; the KDC and kadmind daemons are restarted by the package upgrade, other services are not.
References
https://ubuntu.com/security/notices/USN-6947-1
CVE-2024-37370, CVE-2024-37371
Package Information
https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.1