matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[Security] Fix the krb5 vulnerability issue (#17914)

Browse Source 
### Why I did it
Fix the krb5 vulnerable issue
CVE-2021-36222  allows remote attackers to cause a NULL pointer dereference and daemon crash
CVE-2021-37750  NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field
DSA 5286-1  remote code execution

##### Work item tracking
- Microsoft ADO **(number only)**: 26577929

#### How I did it
Upgrade the krb5 version to 1.18.3-6+deb11u14+fips.
This commit is contained in:
xumia 2024-01-27 07:34:22 +08:00 committed by GitHub
parent 88f80fbe08
commit 235cf3e661
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/sonic-fips.mk
View File

@ -1,13 +1,13 @@
# fips packages
FIPS_VERSION = 0.9
FIPS_VERSION = 0.10
FIPS_OPENSSL_VERSION = 1.1.1n-0+deb11u5+fips
FIPS_OPENSSH_VERSION = 8.4p1-5+deb11u2+fips
FIPS_PYTHON_MAIN_VERSION = 3.9
FIPS_PYTHON_VERSION = 3.9.2-1+fips
FIPS_GOLANG_MAIN_VERSION = 1.15
FIPS_GOLANG_VERSION = 1.15.15-1~deb11u4+fips
FIPS_KRB5_VERSION = 1.18.3-6+deb11u1+fips
FIPS_KRB5_VERSION = 1.18.3-6+deb11u14+fips
FIPS_URL_PREFIX = https://sonicstorage.blob.core.windows.net/public/fips/$(BLDENV)/$(FIPS_VERSION)/$(CONFIGURED_ARCH)
SYMCRYPT_OPENSSL_NAME = symcrypt-openssl