Advisories » MGASA-2024-0253

Updated krb5 packages fix security vulnerabilities

Publication date: 03 Jul 2024
Modification date: 03 Jul 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-37370, CVE-2024-37371

Description

In krb5 before 1.21.3, an attacker can modify the plaintext Extra Count
field of a confidential GSS krb5 wrap token, causing the unwrapped token
to appear truncated to the application. (CVE-2024-37370)

In krb5 before 1.21.3, an attacker can cause invalid memory reads during
GSS message token handling by sending message tokens with invalid length
fields. (CVE-2024-37371)
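
The two checks these descriptions imply, as an added example (not krb5's code and not part of the advisory): bound every header read by the buffer length, and trust the Extra Count only if it matches the header copy inside the decrypted data. The layout follows RFC 4121; the function names and sample bytes are hypothetical, and decryption and rotation are assumed to have been done by the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 16        /* RFC 4121 wrap token header size */
#define FLAG_SEALED 0x02  /* confidentiality flag */

struct wrap_hdr { uint8_t flags; uint16_t ec; };

/* Parse a 16-byte wrap header; returns 0 on success, -1 if malformed. */
int parse_wrap_hdr(const uint8_t *p, size_t len, struct wrap_hdr *h)
{
    if (p == NULL || len < HDR_LEN)   /* never read past the buffer */
        return -1;
    if (p[0] != 0x05 || p[1] != 0x04 || p[3] != 0xFF)
        return -1;                    /* TOK_ID 05 04 and Filler FF */
    h->flags = p[2];
    h->ec = (uint16_t)((p[4] << 8) | p[5]);  /* big-endian Extra Count */
    return 0;
}

/* dec is the decrypted body: data | EC filler bytes | header copy.
 * Returns the data length, or -1 if the outer header disagrees with the
 * integrity-protected copy or the lengths do not add up. */
long checked_payload_len(const uint8_t *tok, size_t tok_len,
                         const uint8_t *dec, size_t dec_len)
{
    struct wrap_hdr outer, inner;
    const uint8_t *copy;
    if (parse_wrap_hdr(tok, tok_len, &outer) != 0 || !(outer.flags & FLAG_SEALED))
        return -1;
    if (dec == NULL || dec_len < HDR_LEN)
        return -1;
    copy = dec + dec_len - HDR_LEN;
    if (parse_wrap_hdr(copy, HDR_LEN, &inner) != 0)
        return -1;
    /* Flags, EC and sequence number must match; RRC is not compared. */
    if (inner.flags != outer.flags || inner.ec != outer.ec ||
        memcmp(copy + 8, tok + 8, 8) != 0)
        return -1;
    if ((size_t)inner.ec > dec_len - HDR_LEN)
        return -1;                    /* filler count exceeds the data */
    return (long)(dec_len - HDR_LEN - inner.ec);
}

/* Constructed sample: outer header only (EC = 2), and a decrypted body. */
const uint8_t SAMPLE_TOK[16] = {0x05,0x04,0x02,0xFF,0x00,0x02,0x00,0x1C,0,0,0,0,0,0,0,7};
const uint8_t SAMPLE_DEC[23] = {'h','e','l','l','o',0,0,
    0x05,0x04,0x02,0xFF,0x00,0x02,0x00,0x00,0,0,0,0,0,0,0,7};

int main(void) { printf("%ld\n", checked_payload_len(SAMPLE_TOK, 16, SAMPLE_DEC, 23)); return 0; }
```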
                

References

SRPMS

9/core