important: krb5/binutils security update
important
An update for krb5/binutils is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
krb5: Kerberos is a network authentication system. The krb5-devel package contains the header files and libraries needed for compiling Kerberos 5 programs. If you want to develop Kerberos-aware programs, you need to install this package.
binutils: Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line).
Security Fix(es):
krb5: A flaw was found in krb5. This flaw allows an unauthenticated attacker to cause a NULL dereference in the KDC by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST. The highest threat from this vulnerability is to system availability.(CVE-2021-36222)
krb5: A flaw was found in krb5. The Key Distribution Center (KDC) in MIT Kerberos 5 has a NULL pointer dereference via a FAST inner body that lacks a server field. An authenticated attacker could use this flaw to crash the Kerberos KDC server. The highest threat from this vulnerability is to system availability.(CVE-2021-37750)
krb5: A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash.(CVE-2022-42898)
krb5: bugfix
binutils: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.(CVE-2019-9074)
binutils: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.(CVE-2019-9075)
binutils: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.E0B4.