Univention Bugzilla – Bug 57476
krb5: Multiple issues (5.0)
Last modified: 2024-07-31 15:54:30 CEST
New Debian krb5 1.17-3+deb10u7 fixes: This update addresses the following issues: 1.17-3+deb10u7 (Mon, 29 Jul 2024 09:34:11 +0300) * Non-maintainer upload by the ELTS Team. * CVE-2024-26458: Memory leak in xmt_rmtcallres() * CVE-2024-26461: Memory leak in gss_krb5int_make_seal_token_v3() * CVE-2024-37370: GSS wrap token Extra Count field manipulation * CVE-2024-37371: Invalid GSS memory reads with manipulated tokens
--- mirror/ftp/pool/main/k/krb5/krb5_1.17-3+deb10u6.dsc +++ apt/ucs_5.0-0-errata5.0-8/source/krb5_1.17-3+deb10u7.dsc @@ -1,3 +1,11 @@ +1.17-3+deb10u7 [Mon, 29 Jul 2024 09:34:11 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the ELTS Team. + * CVE-2024-26458: Memory leak in xmt_rmtcallres() + * CVE-2024-26461: Memory leak in gss_krb5int_make_seal_token_v3() + * CVE-2024-37370: GSS wrap token Extra Count field manipulation + * CVE-2024-37371: Invalid GSS memory reads with manipulated tokens + 1.17-3+deb10u6 [Sun, 22 Oct 2023 21:17:30 +0300] Adrian Bunk <bunk@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-8/#5390136126965636593>
OK: bug OK: yaml OK: announce_errata OK: patch ~OK: piuparts [5.0-8] a12de5de49 Bug #57476: krb5 1.17-3+deb10u7 doc/errata/staging/krb5.yaml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) [5.0-8] ce7ec84a94 Bug #57476: krb5 1.17-3+deb10u7 doc/errata/staging/krb5.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1090>