Fedora 39: Security Advisory for krb5 Updates and Memory Leak Resolution

Fedora
July 17, 2024

This update fixes three memory leaks in krb5 (CVE-2024-26458, CVE-2024-26461, CVE-2024-26462) and two GSS message token handling flaws (CVE-2024-37370, CVE-2024-37371), and rebases the package to upstream krb5 1.21.3.

Summary

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form.

Update Information:

This update fixes multiple CVEs and rebases to the latest upstream version:

* Tue Jul 09 2024 Julien Rische - 1.21.3-1
  - New upstream version (1.21.3)
  - CVE-2024-26458: Memory leak in src/lib/rpc/pmap_rmt.c
    Resolves: rhbz#2266732
  - CVE-2024-26461: Memory leak in src/lib/gssapi/krb5/k5sealv3.c
    Resolves: rhbz#2266741
  - CVE-2024-26462: Memory leak in src/kdc/ndr.c
    Resolves: rhbz#2266743
  - Add missing SPDX license identifiers
    Resolves: rhbz#2265333
* Mon Jul 08 2024 Julien Rische - 1.21.2-6
  - CVE-2024-37370 CVE-2024-37371: GSS message token handling
    Resolves: rhbz#2294678 rhbz#2294680
  - Fix double free in klist's show_ccache()
    Resolves: rhbz#2257301
  - Do not include files with "~" termination in krb5-tests

Change Log

* Tue Jul 9 2024 Julien Rische - 1.21.3-1
  - New upstream version (1.21.3)
  - CVE-2024-26458: Memory leak in src/lib/rpc/pmap_rmt.c
    Resolves: rhbz#2266732
  - CVE-2024-26461: Memory leak in src/lib/gssapi/krb5/k5sealv3.c
    Resolves: rhbz#2266741
  - CVE-2024-26462: Memory leak in src/kdc/ndr.c
    Resolves: rhbz#2266743
  - Add missing SPDX license identifiers
    Resolves: rhbz#2265333
* Mon Jul 8 2024 Julien Rische - 1.21.2-4
  - CVE-2024-37370 CVE-2024-37371: GSS message token handling
    Resolves: rhbz#2294678 rhbz#2294680
  - Fix double free in klist's show_ccache()
    Resolves: rhbz#2257301
  - Do not include files with "~" termination in krb5-tests

References

[ 1 ] Bug #2257301 - Fix double free in klist's show_ccache() [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2257301
[ 2 ] Bug #2265333 - Exhaustive SPDX license expression in specfile
      https://bugzilla.redhat.com/show_bug.cgi?id=2265333
[ 3 ] Bug #2266732 - TRIAGE CVE-2024-26458 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2266732
[ 4 ] Bug #2266741 - TRIAGE CVE-2024-26461 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2266741
[ 5 ] Bug #2266743 - TRIAGE CVE-2024-26462 krb5: Memory leak at /krb5/src/kdc/ndr.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2266743
[ 6 ] Bug #2294678 - CVE-2024-37370 krb5: GSS message token handling [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2294678
[ 7 ] Bug #2294680 - CVE-2024-37371 krb5: GSS message token handling ...

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-df2c70dba9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
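The dnf command above applies the fix to one host; on a fleet you also want to know which hosts still carry a pre-fix build before and after the rollout. What follows is an added example, not code from the advisory or from the krb5 project: it ports rpm's rpmvercmp() label ordering to Python and checks `rpm -qa`-style lines against the fixed Fedora 39 build this advisory names (krb5-1.21.3-1.fc39). Two assumptions are built in and marked in the code: every subpackage of the krb5 source RPM is named `krb5` or `krb5-*`, and the sample inventory lines are constructed rather than captured from a real host.

```python
# Added example (not the advisory's or the krb5 project's code): decide, from
# `rpm -qa` output, which installed krb5 packages predate this update's fix.
import re

FIXED_EVR = (0, "1.21.3", "1.fc39")  # epoch, version, release of the fixed F39 build

# NAME-[EPOCH:]VERSION-RELEASE.ARCH as printed by `rpm -qa`. Names may contain
# hyphens, so version and release are anchored from the right-hand end.
NEVRA_RE = re.compile(
    r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<version>[^-:]+)"
    r"-(?P<release>[^-]+)\.(?P<arch>[^.]+)$"
)


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1, 0 or 1 for a <, ==, > b.
    Digit runs compare numerically and beat letter runs; '~' sorts before
    everything, even end of string (1.0~rc1 < 1.0); '^' sorts after end of
    string but before any other character (1.0 < 1.0^git1 < 1.0.1)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators such as '.' or '-' carry no weight of their own
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        run = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while si < len(a) and run(a[si]):
            si += 1
        while sj < len(b) and run(b[sj]):
            sj += 1
        seg_a, seg_b = a[i:si], b[j:sj]
        if not seg_b:  # one side numeric, the other alphabetic: numeric wins
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = si, sj
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evr_cmp(x, y) -> int:
    """Order (epoch, version, release) tuples as rpm orders packages."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def scan(rpm_qa_output: str) -> list:
    """Return [(nevra, 'affected' | 'fixed' | 'unparsed')] for krb5 packages.
    Assumption: krb5's subpackages are all named 'krb5' or 'krb5-*'."""
    out = []
    for line in rpm_qa_output.split():
        m = NEVRA_RE.match(line)
        if not m:
            out.append((line, "unparsed"))
            continue
        if m["name"] != "krb5" and not m["name"].startswith("krb5-"):
            continue
        evr = (int(m["epoch"] or 0), m["version"], m["release"])
        out.append((line, "affected" if evr_cmp(evr, FIXED_EVR) < 0 else "fixed"))
    return out


# Constructed sample of `rpm -qa` output; not captured from a real host.
SAMPLE_RPM_QA = """
krb5-libs-1.21.2-4.fc39.x86_64
krb5-workstation-1.21.2-4.fc39.x86_64
krb5-libs-1.21.3-1.fc39.x86_64
openssl-libs-3.1.4-3.fc39.x86_64
"""
```

Call scan() on each host's `rpm -qa` output (or on a collected inventory) and act on the "affected" rows. A fixed build on disk does not mean running processes use it: services already linked against the old krb5 libraries keep the old mapping until restarted, so follow the update with a service restart or reboot (the dnf-plugins-core `dnf needs-restarting` command lists candidates).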

Severity

important

Name: krb5
Product: Fedora 39
Version: 1.21.3
Release: 1.fc39
Summary: The Kerberos network authentication system
