Package krb5 updated to version 1.14.6-alt1.M80P.1 for branch p8 in task 204403.

Published: 2017-08-09
Modified: 2024-11-21

CVE-2017-11368

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

100291
100291
RHSA-2018:0666
RHSA-2018:0666
https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970
https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970
FEDORA-2017-e5b36383f4
FEDORA-2017-e5b36383f4
FEDORA-2017-8e9d9771c4
FEDORA-2017-8e9d9771c4

Published: 2017-09-13
Modified: 2024-11-21

CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
https://bugzilla.redhat.com/show_bug.cgi?id=1488873
https://bugzilla.redhat.com/show_bug.cgi?id=1488873
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
FEDORA-2017-10c74147f9
FEDORA-2017-10c74147f9

Version: 2.1.0

Package krb5 update in p8 on 2018-05-03

ALT-PU-2018-1648-1

Closed vulnerabilities

CVE-2017-11368

CVE-2017-11462