Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5726-1] krb5 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5726-1] krb5 security update


Chronologisch Thread  
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5726-1] krb5 security update
  • Date: Fri, 05 Jul 2024 21:18:01 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1sPqJd-001TVj-B2 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=3uPCl55foRIzXiiZA3UgoiDW+ARJpNB23WXOsFQywHU=; b=K+ JVv1dFG0PLm7D5ccIG3iAwWFz2Ym0yr+hkYxVPQxQPXQwPeHv+cOI7cFa6547pfaBrHWTnMiSmxcW 9+2mXtrPxFqZlygTVjf5IV/vglW6Zf+yhusp0T19SoRuwt+Y4j6EjqAtLTfrcVc4g6p+oU1oUKXf+ 20lgC2FMeNj06ZCxvzO7XAhl2ovGx4vcrmmbCjvQV9lX/9vKIfLWgo45RtGGpnz/MSwT1rb5sQo9j z0EnlWd6DUG/w2PQqz7fW5vQOpv0gqI6fRuoJOt63HbBKjKUeRL2SNBhVEzxcI4t2qQUxcJN4vUfl rolmLZvXMjLPGK90y1pu+ctfgCzx4JQw==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 5 Jul 2024 21:18:24 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <T2bzUyO4T8G.A.uICE.gMGimB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5726-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 05, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : krb5
CVE ID : CVE-2024-37370 CVE-2024-37371

Two vulnerabilities were discovered in the GSS message token handling in
krb5, the MIT implementation of Kerberos. An attacker can take advantage
of these flaws to bypass integrity protections or cause a denial of
service.

For the oldstable distribution (bullseye), these problems have been fixed
in version 1.18.3-6+deb11u5.

For the stable distribution (bookworm), these problems have been fixed in
version 1.20.1-2+deb12u2.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/krb5

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmaIYgxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QlXw//Zxf+qU8sOJoolWJrkNtWA4QXSkbSqPzzufgxH97Tac6qgYEo9KIDMZzS
eThOW0r1OqqPS3131lMRgRpzDpJd502vHylsAOyKp9zUloVr9dSK0R1W1ALp0tOp
I55xB9KnNxRwmuaXqpDbs/g9eBX+oLcbaLyq9krT4baQg/f4sfWd+mBFkPEAbVcH
tvUzuGL34ANUaSwIaJ7pcCBjUWZtqL9XNC0DsB7n3xyuKk193/dASajAopsOavBR
6imyxmxNduO9F+MxSd7IELCyRqRZ7YkM30ZCmKgYM4velc8fFYSLmdT8lzvogBbc
rCnH161JkSy2mxLS5MjmdbY8V/Pu37xL3lcejoYmq4RM5eceZuGOr6LYk3Xp3nzV
ytVrZ852Az2KZa0EwZQ7Haz2csStbmKwTDQRbHkq21+BMZ5ZkWF6Lj0jeCx/UsSY
gpWDDsKbSsrioIMM5W9q6avf1O0h/xUTy/S2k1+kY0RrAnI49NIivSc9J9ZwoRvV
5ygq7Cu7K/cYU4KxrmRQB0Us2EEUY9TCAOKNXXu9h/YpV3WQUzfBlkw+o0OYQ6vG
poxo0kOR2bzfCwT2aKSbtq3uXMaeg64rHhMG1PrsO1gDn8NczoQ1nsWnZQ4rdeUj
lEbzC7NBzPQNVpbCt+NvaXdZjI7CIB3kfrgRfwQSGji/VlSVhVk=
=oNDx
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 5726-1] krb5 security update, Salvatore Bonaccorso, 05.07.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang