CLSA-2024:1726769233

[CLSA-2024:1726769233] krb5: Fix of 2 CVEs

Type:

security

Severity:

Critical

Release date:

2024-09-19 18:07:16 UTC

Description:

- CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap
  token to avoid appearing truncated to application
- CVE-2024-37371: fix invalid memory reads during GSS message token handling

Updated packages:

krb5-devel-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:74d395167ee5ca34f7e3f10e4b7b122e1d8f97fdba1bcd743ae8f9d3eab60d82
krb5-devel-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:50cd492668430eb317a6794314aa13e19c2ed020999dccb3d844becf80b81669
krb5-libs-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:2b8017ba4f81360435b41949ddb59abd7b42a9c18648cc025f314e12309ce59a
krb5-libs-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:c1797e33d0e1e5f756e2488775a742484f370919a01722979c348741bff9e642
krb5-pkinit-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:0c9b9199845eef8fd424098527a7cf5c3bebef90981f7c3da4c24f5b48c2c87f
krb5-pkinit-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:eec6a99ac22102afaeedc62a6fbbe047aa10598149b93cbcff6f10daa4aaf3d9
krb5-server-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:6d4a9552e5be80a2090294e60a27ceeb1d24d1d1d3671e36c1345f65913d03b1
krb5-server-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:ee607604ef1eac0193ad9d9b22d2206488d6bbb951c25232c99766bfd23bdeee
krb5-server-ldap-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:e9267b33913386e32abb15d9a6bcf0d7830f22c7534137ade1ff85f2cf1096b3
krb5-server-ldap-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:533c3734ddaf4823f398a0433a3ac65dd02939610b8a4d3baf2e40510230e10c
krb5-workstation-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:d42c2e5444c3bdb25116c10f1486cab4fca2b5cbf5efa1f507911bc3e289070f
krb5-workstation-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:36e5f88bf3c07d59bd53c16a7390f9b4fd5356aa846ddc8fc67f57b6ff8f3ead
libkadm5-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:f194c4144270a00739e9c25c3cb649da97035ef44df7cdffdd7a21fd2b570ba1
libkadm5-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:fcca71887ff1e923f6d90a62f03180287931546ad749ff17fd4eedcbfd38f211

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.