44 matches found
Moderate: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Moderate: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
RHEL 9 : krb5 (RHSA-2024:5643)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5643 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending...
Medium: krb5
Issue Overview: krb5: GSS message token handling CVE-2024-37370 In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. CVE-2024-37371 Affected Packages: krb5 Issue Correction: Run...
Oracle Linux 8 : krb5 (ELSA-2024-5312)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5312 advisory. 1.18.2-29.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-29 - CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message...
RHEL 7 : krb5 (RHSA-2024:5316)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5316 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending...
Moderate: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Moderate: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CBL Mariner 2.0 Security Update: krb5 (CVE-2024-37371)
The version of krb5 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37371 advisory. - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token...
Amazon Linux 2023 : krb5-devel, krb5-libs, krb5-pkinit (ALAS2023-2024-688)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-688 advisory. krb5: GSS message token handling CVE-2024-37370 In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens...
Amazon Linux 2 : krb5 (ALAS-2024-2595)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2595 advisory. krb5: GSS message token handling CVE-2024-37370 In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wi...
RHEL 8 : krb5 (RHSA-2024:4734)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4734 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending...
Medium: krb5
Issue Overview: krb5: GSS message token handling CVE-2024-37370 In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. CVE-2024-37371 Affected Packages: krb5 Note: This advisory i...
Fedora 39 : krb5 (2024-df2c70dba9)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-df2c70dba9 advisory. This update fixes multiple CVEs and rebases to the latest upstream version: Tue Jul 09 2024 Julien Rische - 1.21.3-1 - New upstream version 1.21.3 -...
Fedora 40 : krb5 (2024-1f68985052)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1f68985052 advisory. This update fixes multiple CVEs and rebases to the latest upstream version: Tue Jul 09 2024 Julien Rische - 1.21.3-1 - New upstream version 1.21.3 -...
Updated krb5 packages fix security vulnerabilities
Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...
CVE-2024-37371
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
CVE-2024-37371
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
CVE-2024-37371
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
MIT Kerberos Security Vulnerability
MIT Kerberos is a Massachusetts Institute of Technology MIT software for authentication in network clusters.Kerberos also serves as a network authentication protocol designed with the goal of providing strong authentication services to client/server applications through a key system. A security...