Stay Secure with the Latest Linux Advisories

security advisoryupdatecritical

Fedora 34 - FEDORA-2021-20b495cb94 Critical: KDC Null Deref Exploit

- CVE-2021-37750 (explicit NULL deref on KDC). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-20b495cb94 2021-08-21 01:05:40.547392 --------------------------------------------------------------------------------Name : krb5 Product : Fedora 34 Version : 1.19.2 Release : 2.fc34 URL : https://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. --------------------------------------------------------------------------------Update Information: - CVE-2021-37750 (explicit NULL deref on KDC) --------------------------------------------------------------------------------ChangeLog: * Thu Aug 19 2021 Robbie Harwood - 1.19.2-2 - Fix KDC null deref on TGS inner body null server (CVE-2021-37750) * Mon Jul 26 2021 Robbie Harwood - 1.19.2-1 - New upstream version (1.19.2) * Wed Jul 21 2021 Robbie Harwood - 1.19.1-15 - Fix defcred leak in krb5 gss_inquire_cred() --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-20b495cb94' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. FedoraCode of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Fedora Update Alert for krb5 correcting KDC null dereference security flaw, contains instructions for installation via dnf tool.. krb5 Update,Fedora 34 Security,Kerberos Authentication,Security Patch Notification. . Severity: Critical. LinuxSecurity.com Team

Aug 20, 2021 •Critical Fedora