Debian has issued an advisory on November 19: https://www.debian.org/security/2022/dsa-5286 The issue is fixed upstream in krb5 1.19.4 and heimdal 7.7.1: https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c Mageia 8 is also affected.
Blocks: (none) => 29260Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in krb5 1.19.4 and heimdal 7.7.1
guillomovitch does both these packages, so assigning to you.
Assignee: bugsquad => guillomovitch
openSUSE has issued an advisory for krb5 today (November 21): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6I6MV4DA2O6D7LCUS6WJQRCLT5N3QXGX/
Fedora has issued an advisory for krb5 today (November 22): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KNFBR437JQZXMPIT2AJCTGKUTQAFEMBY/
Severity: major => critical
Blocks: (none) => 31172
heimdal moved to Bug 31172.
Status comment: Fixed upstream in krb5 1.19.4 and heimdal 7.7.1 => Fixed upstream in 1.19.4Source RPM: krb5-1.19.2-5.mga9.src.rpm, heimdal-7.7.0-10.mga9.src.rpm => krb5-1.19.2-5.mga9.src.rpmSummary: krb5, heimdal new security issue CVE-2022-42898 => krb5 new security issue CVE-2022-42898
Blocks: 31172 => (none)
Fixed by following submissions: - krb5-1.19.2-6.mga9 in cauldron - krb5-1.18.3-1.3.mga8 in 8/updates_testing
krb5-workstation-1.18.3-1.3.mga8 libkrb53-1.18.3-1.3.mga8 krb5-server-1.18.3-1.3.mga8 libkrb53-devel-1.18.3-1.3.mga8 krb5-server-ldap-1.18.3-1.3.mga8 krb5-1.18.3-1.3.mga8 krb5-pkinit-1.18.3-1.3.mga8 from krb5-1.18.3-1.3.mga8.src.rpm Note that this update won't solve the issue Dave pointed out in Bug 29260 (but it does fix the CVEs there) but that's not a regression and this CVE is a serious issue in the library, so this needs to be pushed.
Version: Cauldron => 8CC: (none) => guillomovitchStatus comment: Fixed upstream in 1.19.4 => (none)Assignee: guillomovitch => qa-bugsWhiteboard: MGA8TOO => (none)
MGA8-64 MATE on Acer Aspire 5253 No installation issues Tried to follow the wiki and my own bug 24068 Comment 4 All seems to work OK, but found same issue as in bug 29260 for krlogin. On Davids remark then OK.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0467.html
Status: NEW => RESOLVEDResolution: (none) => FIXED