Advisories » MGASA-2024-0385

Updated krb5 packages fix security vulnerability

Publication date: 02 Dec 2024
Modification date: 02 Dec 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-3596

Description

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a
local attacker who can modify any valid Response (Access-Accept,
Access-Reject, or Access-Challenge) to any other response using a
chosen-prefix collision attack against MD5 Response Authenticator
signature. (CVE-2024-3596)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33769
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REJM7FX5TXBAJNRQ7XSMGPQSLMSSGMA3/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596

SRPMS

9/core

• krb5-1.20.1-1.3.mga9