Updated krb5 packages fix security vulnerabilities
Publication date: 03 Jul 2024
Modification date: 03 Jul 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-37370, CVE-2024-37371
Description
In krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. (CVE-2024-37370)
In krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. (CVE-2024-37371)
SRPMS
9/core
- krb5-1.20.1-1.2.mga9