Bugzilla – Bug 1083926
VUL-0: CVE-2018-5729: krb5: null dereference in kadmind or DN container check bypass by supplying specially crafted data
Last modified: 2019-10-18 18:22:33 UTC

rh#1551083

A flaw was found in MIT krb5 1.6 or later: an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can cause a null dereference in kadmind, or circumvent a DN container check, by supplying tagged data intended to be internal to the database module.

Reference:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869

Upstream patch:
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1551083
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5729
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5729.html

SUSE-SU-2018:0846-1: An update that solves two vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1057662,1081725,1083926,1083927
CVE References: CVE-2018-5729,CVE-2018-5730
Sources used:
    SUSE Linux Enterprise Software Development Kit 12-SP3 (src): krb5-1.12.5-40.23.2
    SUSE Linux Enterprise Software Development Kit 12-SP2 (src): krb5-1.12.5-40.23.2
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): krb5-1.12.5-40.23.2
    SUSE Linux Enterprise Server 12-SP3 (src): krb5-1.12.5-40.23.2
    SUSE Linux Enterprise Server 12-SP2 (src): krb5-1.12.5-40.23.2
    SUSE Linux Enterprise Desktop 12-SP3 (src): krb5-1.12.5-40.23.2
    SUSE Linux Enterprise Desktop 12-SP2 (src): krb5-1.12.5-40.23.2
    SUSE CaaS Platform ALL (src): krb5-1.12.5-40.23.2
    OpenStack Cloud Magnum Orchestration 7 (src): krb5-1.12.5-40.23.2

openSUSE-SU-2018:0854-1: An update that solves two vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1057662,1081725,1083926,1083927
CVE References: CVE-2018-5729,CVE-2018-5730
Sources used:
    openSUSE Leap 42.3 (src): krb5-1.12.5-16.1, krb5-mini-1.12.5-16.1

SUSE-SU-2018:0859-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1056995,1083926,1083927,970696
CVE References: CVE-2017-11462,CVE-2018-5729,CVE-2018-5730
Sources used:
    SUSE Linux Enterprise Software Development Kit 11-SP4 (src): krb5-1.6.3-133.49.113.7.1
    SUSE Linux Enterprise Server 11-SP4 (src): krb5-1.6.3-133.49.113.7.1
    SUSE Linux Enterprise Debuginfo 11-SP4 (src): krb5-1.6.3-133.49.113.7.1

SLE15 missing
This is still not fixed in SLE-15. Could you please have a look?

SUSE-SU-2019:0175-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1083926,1083927
CVE References: CVE-2018-5729,CVE-2018-5730
Sources used:
    SUSE Linux Enterprise Module for Server Applications 15 (src): krb5-1.15.2-6.6.2
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): krb5-mini-1.15.2-6.6.1
    SUSE Linux Enterprise Module for Basesystem 15 (src): krb5-1.15.2-6.6.2

openSUSE-SU-2019:0139-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1083926,1083927
CVE References: CVE-2018-5729,CVE-2018-5730
Sources used:
    openSUSE Leap 15.0 (src): krb5-1.15.2-lp150.5.6.1, krb5-mini-1.15.2-lp150.5.6.1

Reassign to security team for closing.
released