[39465] in Kerberos
Inquiry Regarding CVE-2024-26461 Fix in Upcoming krb5 Release
daemon@ATHENA.MIT.EDU (Zhang, Shawn via Kerberos)
Fri Nov 8 12:04:04 2024
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 8 Nov 2024 06:43:11 +0000
Message-ID: <LV2PR19MB586171D088976ABB6F02B584835D2@LV2PR19MB5861.namprd19.prod.outlook.com>
From: "Zhang, Shawn via Kerberos" <kerberos@mit.edu>
Reply-To: "Zhang, Shawn" <Shawn.Zhang@Dell.com>
Dear Greg Hudson,
I hope this message finds you well.
I am writing to inquire about the current status and expected timeline for addressing the CVE identified in the krb5 software. Our team needs to understand when a fix for this vulnerability will be available in an upcoming release to plan our security updates accordingly.
I can see that commit c5f9c816107f70139de11b38aa02db2f1774ee0d <https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d> includes the fix for CVE NVD - CVE-2024-26461 <https://nvd.nist.gov/vuln/detail/CVE-2024-26461>. However, these changes are not yet included in the latest krb5 release, which is 1.21.3 (krb5-1.21.3-final <https://github.com/krb5/krb5/tree/krb5-1.21.3-final>).
Could you please provide more details on the targeted release version and date for the fix?
Your assistance in this matter is highly appreciated as it will help us ensure the security and stability of our systems. I look forward to your prompt response.
Thank you for your attention and cooperation.
Best regards,
Shawn Zhang (he/him)
Senior Principal Engineer, Protocol
Dell Technologies | Unstructured & Secondary Storage
Shawn.Zhang@Dell.com
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos