ELA-753-1 krb5 security update

integer overflow

Version1.12.1+dfsg-19+deb8u7 (jessie), 1.15-1+deb9u4 (stretch)
Related CVEs CVE-2022-42898

It was discovered that there was a potential Denial of Service (DoS) attack against krb5, a suite of tools implementing the Kerberos authentication system. An integer overflow in PAC parsing could have been exploited if a cross-realm entity acted maliciously.

For Debian 8 jessie, these problems have been fixed in version 1.12.1+dfsg-19+deb8u7.

For Debian 9 stretch, these problems have been fixed in version 1.15-1+deb9u4.

We recommend that you upgrade your krb5 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.