1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • pam-krb5 vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, March 31, 2020 12:10:06
    libpam-krb5 vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    pam-krb5 could be made to execute arbitrary code if it received a
    specially crafted response.

    Software Description

    * libpam-krb5 - PAM module for MIT Kerberos

    Details

    Russ Allbery discovered that pam-krb5 incorrectly handled some
    responses. An attacker could possibly use this issue to execute
    arbitrary code.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    libpam-krb5 - 4.8-2ubuntu0.1

    Ubuntu 18.04 LTS
    libpam-krb5 - 4.8-1ubuntu0.1

    Ubuntu 16.04 LTS
    libpam-krb5 - 4.7-2ubuntu0.1

    Ubuntu 14.04 ESM
    libpam-krb5 - 4.6-2ubuntu0.1~esm1

    Ubuntu 12.04 ESM
    libpam-krb5 - 4.5-3ubuntu0.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-10595

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)