Ubuntu 6596 Published by

The following updates are available for Ubuntu Linux:

[USN-6948-1] Salt vulnerabilities
[USN-6947-1] Kerberos vulnerabilities




[USN-6948-1] Salt vulnerabilities


=========================================================================
Ubuntu Security Notice USN-6948-1
August 08, 2024

salt vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Salt.

Software Description:
- salt: Infrastructure management built on a dynamic communication bus

Details:

It was discovered that Salt incorrectly handled crafted web requests.
A remote attacker could possibly use this issue to run arbitrary
commands. (CVE-2020-16846)

It was discovered that Salt incorrectly created certificates with weak
file permissions. (CVE-2020-17490)

It was discovered that Salt incorrectly handled credential validation.
A remote attacker could possibly use this issue to bypass authentication.
(CVE-2020-25592)

It was discovered that Salt incorrectly handled crafted process names.
An attacker could possibly use this issue to run arbitrary commands.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28243)

It was discovered that Salt incorrectly handled validation of SSL/TLS
certificates. A remote attacker could possibly use this issue to spoof
a trusted entity. (CVE-2020-28972, CVE-2020-35662)

It was discovered that Salt incorrectly handled credential validation.
A remote attacker could possibly use this issue to run arbitrary code.
(CVE-2021-25281)

It was discovered that Salt incorrectly handled crafted paths. A remote
attacker could possibly use this issue to perform directory traversal.
(CVE-2021-25282)

It was discovered that Salt incorrectly handled template rendering. A
remote attacker could possibly this issue to run arbitrary code.
(CVE-2021-25283)

It was discovered that Salt incorrectly handled logging. An attacker
could possibly use this issue to discover credentials. This issue only
affected Ubuntu 18.04 LTS. (CVE-2021-25284)

It was discovered that Salt incorrectly handled crafted web requests.
A remote attacker could possibly use this issue to run arbitrary
commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3148)

It was discovered that Salt incorrectly handled input sanitization.
A remote attacker could possibly use this issue to run arbitrary
commands. (CVE-2021-3197)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
salt-common 2017.7.4+dfsg1-1ubuntu18.04.2+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
salt-common 2015.8.8+ds-1ubuntu0.1+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6948-1
CVE-2020-16846, CVE-2020-17490, CVE-2020-25592, CVE-2020-28243,
CVE-2020-28972, CVE-2020-35662, CVE-2021-25281, CVE-2021-25282,
CVE-2021-25283, CVE-2021-25284, CVE-2021-3148, CVE-2021-3197



[USN-6947-1] Kerberos vulnerabilities


==========================================================================

Ubuntu Security Notice USN-6947-1
August 08, 2024

krb5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Kerberos could be made to crash if it received specially crafted
input.

Software Description:
- krb5: MIT Kerberos Network Authentication Protocol

Details:

It was discovered that Kerberos incorrectly handled GSS message tokens
where an unwrapped token could appear to be truncated. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2024-37370)

It was discovered that Kerberos incorrectly handled GSS message tokens
when sent a token with invalid length fields. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-37371)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  krb5-admin-server               1.20.1-6ubuntu2.1
  krb5-kdc                        1.20.1-6ubuntu2.1
  krb5-kdc-ldap                   1.20.1-6ubuntu2.1
  krb5-otp                        1.20.1-6ubuntu2.1
  krb5-pkinit                     1.20.1-6ubuntu2.1
  krb5-user                       1.20.1-6ubuntu2.1
  libgssapi-krb5-2                1.20.1-6ubuntu2.1
  libgssrpc4t64                   1.20.1-6ubuntu2.1
  libk5crypto3                    1.20.1-6ubuntu2.1
  libkadm5clnt-mit12              1.20.1-6ubuntu2.1
  libkadm5srv-mit12               1.20.1-6ubuntu2.1
  libkdb5-10t64                   1.20.1-6ubuntu2.1
  libkrad0                        1.20.1-6ubuntu2.1
  libkrb5-3                       1.20.1-6ubuntu2.1
  libkrb5support0                 1.20.1-6ubuntu2.1

Ubuntu 22.04 LTS
  krb5-admin-server               1.19.2-2ubuntu0.4
  krb5-kdc                        1.19.2-2ubuntu0.4
  krb5-kdc-ldap                   1.19.2-2ubuntu0.4
  krb5-otp                        1.19.2-2ubuntu0.4
  krb5-pkinit                     1.19.2-2ubuntu0.4
  krb5-user                       1.19.2-2ubuntu0.4
  libgssapi-krb5-2                1.19.2-2ubuntu0.4
  libgssrpc4                      1.19.2-2ubuntu0.4
  libk5crypto3                    1.19.2-2ubuntu0.4
  libkadm5clnt-mit12              1.19.2-2ubuntu0.4
  libkadm5srv-mit12               1.19.2-2ubuntu0.4
  libkdb5-10                      1.19.2-2ubuntu0.4
  libkrad0                        1.19.2-2ubuntu0.4
  libkrb5-3                       1.19.2-2ubuntu0.4
  libkrb5support0                 1.19.2-2ubuntu0.4

Ubuntu 20.04 LTS
  krb5-admin-server               1.17-6ubuntu4.6
  krb5-kdc                        1.17-6ubuntu4.6
  krb5-kdc-ldap                   1.17-6ubuntu4.6
  krb5-otp                        1.17-6ubuntu4.6
  krb5-pkinit                     1.17-6ubuntu4.6
  krb5-user                       1.17-6ubuntu4.6
  libgssapi-krb5-2                1.17-6ubuntu4.6
  libgssrpc4                      1.17-6ubuntu4.6
  libk5crypto3                    1.17-6ubuntu4.6
  libkadm5clnt-mit11              1.17-6ubuntu4.6
  libkadm5srv-mit11               1.17-6ubuntu4.6
  libkdb5-9                       1.17-6ubuntu4.6
  libkrad0                        1.17-6ubuntu4.6
  libkrb5-3                       1.17-6ubuntu4.6
  libkrb5support0                 1.17-6ubuntu4.6

Ubuntu 18.04 LTS
  krb5-admin-server               1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  krb5-kdc                        1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  krb5-kdc-ldap                   1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  krb5-otp                        1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  krb5-pkinit                     1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  krb5-user                       1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  libgssapi-krb5-2                1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  libgssrpc4                      1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  libk5crypto3                    1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  libkadm5clnt-mit11              1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  libkadm5srv-mit11               1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  libkdb5-9                       1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  libkrad0                        1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  libkrb5-3                       1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  libkrb5support0                 1.16-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  krb5-admin-server               1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  krb5-kdc                        1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  krb5-kdc-ldap                   1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  krb5-otp                        1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  krb5-pkinit                     1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  krb5-user                       1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  libgssapi-krb5-2                1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  libgssrpc4                      1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  libk5crypto3                    1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  libkadm5clnt-mit9               1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  libkadm5srv-mit9                1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  libkdb5-8                       1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  libkrad0                        1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  libkrb5-3                       1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro
  libkrb5support0                 1.13.2+dfsg-5ubuntu2.2+esm5
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  krb5-admin-server               1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  krb5-kdc                        1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  krb5-kdc-ldap                   1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  krb5-otp                        1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  krb5-pkinit                     1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  krb5-user                       1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libgssapi-krb5-2                1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libgssrpc4                      1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libk5crypto3                    1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libkadm5clnt-mit9               1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libkadm5srv-mit8                1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libkadm5srv-mit9                1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libkdb5-7                       1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libkrad0                        1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libkrb5-3                       1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro
  libkrb5support0                 1.12+dfsg-2ubuntu5.4+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6947-1
( https://ubuntu.com/security/notices/USN-6947-1)
  CVE-2024-37370, CVE-2024-37371

Package Information:
https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.1
( https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.1)
https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.4
( https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.4)
https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.6
( https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.6)