Package | krb5 |
---|---|
Version | 1.12.1+dfsg-19+deb8u9 (jessie), 1.15-1+deb9u6 (stretch), 1.17-3+deb10u7 (buster) |
Related CVEs | CVE-2024-26458 CVE-2024-26461 CVE-2024-37370 CVE-2024-37371 |

Multiple vulnerabilities have been fixed in krb5, the MIT implementation of the Kerberos network authentication protocol.

- CVE-2024-26458: Memory leak in `xmt_rmtcallres()`
- CVE-2024-26461: Memory leak in `gss_krb5int_make_seal_token_v3()`
- CVE-2024-37370: GSS wrap token Extra Count field manipulation
- CVE-2024-37371: Invalid GSS memory reads with manipulated tokens

For Debian 10 buster, these problems have been fixed in version 1.17-3+deb10u7.
For Debian 8 jessie, these problems have been fixed in version 1.12.1+dfsg-19+deb8u9.
For Debian 9 stretch, these problems have been fixed in version 1.15-1+deb9u6.
We recommend that you upgrade your krb5 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.