Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 9: 2024-0253 Moderate: krb5 Security Update for Token Issues

mageia
Calendar Grey July 3, 2024
Dist Mageia Esm H88
The recent updates to krb5 for Mageia address security vulnerabilities, particularly those involving data truncation and unauthorized memory reads stemming from corrupt tokens.
Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application

Summary

Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. (CVE-2024-37370) Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. (CVE-2024-37371)

References

- https://bugs.mageia.org/show_bug.cgi?id=33344

- https://www.cve.org/CVERecord?id=CVE-2024-37370

- https://www.cve.org/CVERecord?id=CVE-2024-37371

Topics%20covered

Topics Covered

security advisory security update vulnerability krb5 memory read Mageia GSS token

Resolution

SRPMS

- 9/core/krb5-1.20.1-1.2.mga9

Publication date: 03 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0253.html
Type: security
CVE: CVE-2024-37370, CVE-2024-37371

Topics%20covered

Topics Covered

security advisory security update vulnerability krb5 memory read Mageia GSS token

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here