SUSE_ALP_Standard/patchinfo.20240909081634489451.269002615871826/_patchinfo

29 lines
1.7 KiB
Plaintext

<patchinfo>
<!-- generated from request(s) 337124 -->
<issue tracker="bnc" id="1220770">VUL-0: CVE-2024-26458: krb5: memory leak at /krb5/src/lib/rpc/pmap_rmt.c</issue>
<issue tracker="bnc" id="1220771">VUL-0: CVE-2024-26461: krb5: memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c</issue>
<issue tracker="bnc" id="1220772">VUL-0: CVE-2024-26462: krb5: memory leak at /krb5/src/kdc/ndr.c</issue>
<issue tracker="bnc" id="1227186">VUL-0: CVE-2024-37370: krb5: confidential GSS krb5 wrap tokens with invalid plaintext Extra Count fields are errouneously accepted during unwrap</issue>
<issue tracker="bnc" id="1227187">VUL-0: CVE-2024-37371: krb5: invalid memory read when processing message tokens with invalid length fields</issue>
<issue tracker="cve" id="2024-26458"/>
<issue tracker="cve" id="2024-26461"/>
<issue tracker="cve" id="2024-26462"/>
<issue tracker="cve" id="2024-37370"/>
<issue tracker="cve" id="2024-37371"/>
<packager>scabrero</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for krb5</summary>
<description>This update for krb5 fixes the following issues:
- CVE-2024-37370: Confidential GSS krb5 wrap tokens with invalid plaintext Extra Count fields were erroneously accepted during unwrap (bsc#1227186)
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187)
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770)
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771)
- CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772)
</description>
<package>krb5</package>
<package>krb5:krb5-mini</package>
<seperate_build_arch/>
</patchinfo>