PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in the KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms, where the overflow results in a heap-based buffer overflow, and to a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. See How to fix? for RHEL:8 relevant fixed versions and status. Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by RHEL.

This issue was patched in RHSA-2022:1537. Upgrade RHEL:8 gzip to version 0:1.9-13.el8_5 or higher. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. This flaw allows a remote, low-privileged attacker to force zgrep to write arbitrary files on the system. The flaw is due to insufficient validation when processing file names that contain two or more newlines, where both the selected content and the target file names are embedded in a crafted multi-line file name. When zgrep is run on such an attacker-chosen file name, attacker-controlled content can be written to an arbitrary attacker-selected file. See How to fix? for RHEL:8 relevant fixed versions and status. Note: Versions mentioned in the description apply only to the upstream gzip package and not the gzip package as distributed by RHEL.