Monday, March 3, 2025

[USN-7314-1] Kerberos vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmfF5asFAwAAAAAACgkQZWnYVadEvpNL
kw//XQY15d7Pdj9m9MDK90wGXJCK1uNUEskIG/QeQ96NpKoSpu8qlnJ7T5KaXXdz6IAma5DI3XuM
NwSNSUT20aivRY322wUphIrOLF5+vzx5scHy1ExAm4nq+gRmyqUPggvXbu40fy+9xqZSz33dhfN7
G4R7xvrXMbycuzEewudriZOYVznt4iHO+tvVXvnVIqDcgDw6A0qF8bgPPDesA5AdnQLm+Vo63njc
UbyEcykUnNb+eRwjVRKyetYjB4eXtegZesIwT74d1avD/NKwG5E+2YG9Cx/EGFdVIRVpF8a9dA8m
Gwatom2OJxOJTexhyB/nYn9tXtKhCmzPnLoWKtfuAyN5GMJ9cCEypbt453oysuqmpdqDED8Sm/o2
NBH0NCU9qls1esPQ4W+lts/3OJtRws8MPkXcPoJboixR2hn8wmCejBOALoX0nmiNSCBZvzBW49Q4
lLgDWnJM9iw0ThSMNdxCSR7dYTgBoDIHObVRhXsB2ZEAHH/JN/cWCd8UZFFBiK2iSlp/5WYqKLrC
vvO5lTXkWzhgH5ibTN9UQioygw8fXaO47vb4v28uxwtYku2MWFB6FyU/y3NVaOMZBmZJa4WsK/vF
TgV4j5UHxTD+ps2mH9XR883UF63YU1hjdkg0PcP1uHGWvF6yipi+VWkjKtU7gxu3oQhZABKS2tKc
RKI=
=XxXs
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7314-1
March 03, 2025

krb5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Kerberos.

Software Description:
- krb5: MIT Kerberos Network Authentication Protocol

Details:

It was discovered that Kerberos incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
Kerberos to consume memory, leading to a denial of service. (CVE-2024-26458,
CVE-2024-26461)

It was discovered that Kerberos incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
Kerberos to consume memory, leading to a denial of service. This issue only
affected Ubuntu 24.04 LTS. (CVE-2024-26462)

It was discovered that the Kerberos kadmind daemon incorrectly handled log
files when incremental propagation was enabled. An authenticated attacker
could use this issue to cause kadmind to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-24528)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
krb5-admin-server 1.21.3-3ubuntu0.2
krb5-kdc 1.21.3-3ubuntu0.2
libgssapi-krb5-2 1.21.3-3ubuntu0.2
libgssrpc4t64 1.21.3-3ubuntu0.2
libkdb5-10t64 1.21.3-3ubuntu0.2

Ubuntu 24.04 LTS
krb5-admin-server 1.20.1-6ubuntu2.5
krb5-kdc 1.20.1-6ubuntu2.5
libgssapi-krb5-2 1.20.1-6ubuntu2.5
libgssrpc4t64 1.20.1-6ubuntu2.5
libkdb5-10t64 1.20.1-6ubuntu2.5

Ubuntu 22.04 LTS
krb5-admin-server 1.19.2-2ubuntu0.6
krb5-kdc 1.19.2-2ubuntu0.6
libgssapi-krb5-2 1.19.2-2ubuntu0.6
libgssrpc4 1.19.2-2ubuntu0.6
libkdb5-10 1.19.2-2ubuntu0.6

Ubuntu 20.04 LTS
krb5-admin-server 1.17-6ubuntu4.9
krb5-kdc 1.17-6ubuntu4.9
libgssapi-krb5-2 1.17-6ubuntu4.9
libgssrpc4 1.17-6ubuntu4.9
libkdb5-9 1.17-6ubuntu4.9

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7314-1
CVE-2024-26458, CVE-2024-26461, CVE-2024-26462, CVE-2025-24528

Package Information:
https://launchpad.net/ubuntu/+source/krb5/1.21.3-3ubuntu0.2
https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.5
https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.6
https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.9
