Debian has issued an advisory on November 19:
The issue is fixed upstream in krb5 1.19.4 and heimdal 7.7.1:
Mageia 8 is also affected.
Fixed upstream in krb5 1.19.4 and heimdal 7.7.1
guillomovitch does both these packages, so assigning to you.
openSUSE has issued an advisory for krb5 today (November 21):
Fedora has issued an advisory for krb5 today (November 22):
heimdal moved to Bug 31172.
Fixed upstream in krb5 1.19.4 and heimdal 7.7.1 =>
Fixed upstream in 1.19.4Source RPM:
krb5-1.19.2-5.mga9.src.rpm, heimdal-7.7.0-10.mga9.src.rpm =>
krb5, heimdal new security issue CVE-2022-42898 =>
krb5 new security issue CVE-2022-42898
Fixed by following submissions:
- krb5-1.19.2-6.mga9 in cauldron
- krb5-1.18.3-1.3.mga8 in 8/updates_testing
Note that this update won't solve the issue Dave pointed out in Bug 29260 (but it does fix the CVEs there) but that's not a regression and this CVE is a serious issue in the library, so this needs to be pushed.
Fixed upstream in 1.19.4 =>
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Tried to follow the wiki and my own bug 24068 Comment 4
All seems to work OK, but found same issue as in bug 29260 for krlogin.
On Davids remark then OK.
An update for this issue has been pushed to the Mageia Updates repository.