ELA-987-1 krb5 security update

freeing of uninitialized pointer

2023-10-23
Packagekrb5
Version1.12.1+dfsg-19+deb8u8 (jessie), 1.15-1+deb9u5 (stretch)
Related CVEs CVE-2023-36054


Potential freeing of an uninitialized pointer in kadm_rpc_xdr.c was fixed in krb5, the MIT implementation of the Kerberos network authentication protocol.



For Debian 8 jessie, these problems have been fixed in version 1.12.1+dfsg-19+deb8u8.

For Debian 9 stretch, these problems have been fixed in version 1.15-1+deb9u5.

We recommend that you upgrade your krb5 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.