INFSA-2024:3268: krb5 security update
Information about definition
Identificator: INFSA-2024:3268
Type: security
Release date: 2024-08-23 18:44:54 UTC
Information about package
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Vulnerabilities description
- CVE-2024-26458
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
- CVE-2024-26461
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-26458
|
no information | 5.9 | no information |
|
NIST — CVE-2024-26461
|
no information | 5.9 | no information |
Updated packages