
Ubuntu 24.10, 24.04 LTS: USN-7314-1 critical: krb5 DoS attacks

March 3, 2025
Bulletin USN-7314-1 covers several Kerberos vulnerabilities affecting different Ubuntu releases and lists the patched package versions.

Summary

Several security issues were fixed in Kerberos.

Software Description:

- krb5: MIT Kerberos Network Authentication Protocol

Details:

It was discovered that Kerberos incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
Kerberos to consume memory, leading to a denial of service. (CVE-2024-26458,
CVE-2024-26461)

It was discovered that Kerberos incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
Kerberos to consume memory, leading to a denial of service. This issue only
affected Ubuntu 24.04 LTS. (CVE-2024-26462)

It was discovered that the Kerberos kadmind daemon incorrectly handled log
files when incremental propagation was enabled. An authenticated attacker
could use this issue to cause kadmind to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-24528)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   krb5-admin-server               1.21.3-3ubuntu0.2
   krb5-kdc                        1.21.3-3ubuntu0.2
   libgssapi-krb5-2                1.21.3-3ubuntu0.2
   libgssrpc4t64                   1.21.3-3ubuntu0.2
   libkdb5-10t64                   1.21.3-3ubuntu0.2

Ubuntu 24.04 LTS
   krb5-admin-server               1.20.1-6ubuntu2.5
   krb5-kdc                        1.20.1-6ubuntu2.5
   libgssapi-krb5-2                1.20.1-6ubuntu2.5
   libgssrpc4t64                   1.20.1-6ubuntu2.5
   libkdb5-10t64                   1.20.1-6ubuntu2.5

Ubuntu 22.04 LTS
   krb5-admin-server               1.19.2-2ubuntu0.6
   krb5-kdc                        1.19.2-2ubuntu0.6
   libgssapi-krb5-2                1.19.2-2ubuntu0.6
   libgssrpc4                      1.19.2-2ubuntu0.6
   libkdb5-10                      1.19.2-2ubuntu0.6

Ubuntu 20.04 LTS
   krb5-admin-server               1.17-6ubuntu4.9
   krb5-kdc                        1.17-6ubuntu4.9
   libgssapi-krb5-2                1.17-6ubuntu4.9
   libgssrpc4                      1.17-6ubuntu4.9
   libkdb5-9                       1.17-6ubuntu4.9

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7314-1

CVE-2024-26458, CVE-2024-26461, CVE-2024-26462, CVE-2025-24528

Severity
critical