Submodule changes:
6e2478f04 Fixes CVE-2023-36054: a remote authenticated attacker can cause kadmind to free an uninitialized pointer. Upstream believes remote code execution is unlikely, Closes: #1043431
65a6a17d1 (tag: debian/1.18.3-6+deb11u3, test2) Export patches
b4c157dcc Integer overflows in PAC parsing; potentially critical for 32-bit KDCs or when cross-realm acts maliciously; DOS in other conditions; CVE-2022-42898, Closes: #1024267
0dfeacefc Changes for 1.18.3-6+deb11u2
11f671323 Use SHA256 for PKINIT CMS Algorithm
And some other issues:
CVE-2021-36222 allows remote attackers to cause a NULL pointer dereference and daemon crash
CVE-2021-37750 NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field
DSA 5286-1 remote code execution