CLSA-2024:1726769396

[CLSA-2024:1726769396] krb5: Fix of 2 CVEs

Type:

security

Severity:

Critical

Release date:

2024-09-19 18:09:59 UTC

Description:

- CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap
  token to avoid appearing truncated to application
- CVE-2024-37371: fix invalid memory reads during GSS message token handling

Updated packages:

krb5-devel-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:1a86b5f496c00f95f1a0440b3fa2dee953aa10b5a8b9348a1df74c361bc44d57
krb5-devel-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:4e1f86729b9531c1b8a550c02a61b335578fc6c3b5c50bbd5de78fe0dba2e89b
krb5-libs-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:f60ea8ee6d024b4bc6f86be28c7b711793567b93230952aaf6d53923b0b144dd
krb5-libs-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:2e773a5a3cc2f091532d6e3ee3adefc6a3a3d5eb4a7aef79ecc190b951c94ad9
krb5-pkinit-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:d43c7bc201e4dba05e01ce8ca39ddba01e9b9a3165f34e6fe8ab2589aaa4fc1a
krb5-pkinit-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:9c784237e70cca62f380ed6d92bad917430fc95fa0eca9e5da31527284f0b195
krb5-server-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:00a4d3fe852846e12b6d4a5e9cd317484ac2de0b5035cd26e6b4036ffaed77cc
krb5-server-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:7402bb062a2e12baa2c71a9e7c245afd437bfec6306fd2f4666a4101afd5abcb
krb5-server-ldap-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:7b4f5c4b46412efb016dc0ea6fd8dea9754c46e6842d401cc08d7d2f01bd6f42
krb5-server-ldap-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:7c9692365bd0d6808a4233e4002b9f8a11c1748ad0be21208cb828d318041270
krb5-workstation-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:3316298d9a00c2dcb7ecb2c6b59e6b9764ac75b3029e1fdc9aba4d36198d5615
krb5-workstation-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:3d7c5044ced796d900d0067941ea6dd269afe32748cdc078dfcea91666bc064e
libkadm5-1.18.2-14.el8.tuxcare.els3.i686.rpm
sha:a4a3d4ecd8dfb1faebfbe5aadb46e8648a53401d33e5b04a3ec9c8b13ec6227e
libkadm5-1.18.2-14.el8.tuxcare.els3.x86_64.rpm
sha:2c013ef30a8412d447a4c27c4190bc335a6f53bbd72cd848d142159731a74f33

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.