[39358] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

3 kerberos security issues

daemon@ATHENA.MIT.EDU (Alexander Bergmann via Kerberos)
Fri Mar 1 14:31:02 2024

Date: Fri, 1 Mar 2024 13:13:05 +0100
To: kerberos@mit.edu
Message-ID: <20240301121305.s76fxuoesmnupbuw@castor>
MIME-Version: 1.0
From: Alexander Bergmann via Kerberos <kerberos@mit.edu>
Reply-To: Alexander Bergmann <abergmann@suse.com>
Content-Type: multipart/mixed; boundary="===============4758598901799640273=="
Errors-To: kerberos-bounces@mit.edu


--===============4758598901799640273==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="nl2vzqc6b3tqrsag"
Content-Disposition: inline


--nl2vzqc6b3tqrsag
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi everyone,

We got notified via NVD about 3 new security issues. Right now there
seams to be no upstream reference. Could someone please comment on this?=20

CVE-2024-26458: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
CVE-2024-26461: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
CVE-2024-26462: Memory leak at /krb5/src/kdc/ndr.c

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-26458
https://nvd.nist.gov/vuln/detail/CVE-2024-26461
https://nvd.nist.gov/vuln/detail/CVE-2024-26462



Thanks,
Alex~

--=20
Alexander Bergmann <abergmann@suse.com>
Security Engineer, GPG: E30A 65A4 0F50 0066 B2B5  F614 DE54 E875 9FFA 4886
SUSE Software Solutions Germany GmbH
Frankenstr. 146, 90461 Nuernberg, Germany
Managing Director/Gesch=E4ftsf=FChrer: Ivo Totev, Andrew McDonald, Werner K=
noblich
(HRB 36809, AG N=FCrnberg)

--nl2vzqc6b3tqrsag
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEE4wplpA9QAGaytfYU3lTodZ/6SIYFAmXhxk4ACgkQ3lTodZ/6
SIYEEAf+J72CK1bmGi1dTOcnENMa5iynjF6RN+dgG4L4gKhHmya1kDNat47iyJkg
dow2A0WkjfdscklejB4PDxjDr3U5Z+oVHROlCZfIAlH3S1M3PX0b7RlfBBwNZ4wY
T0QhBqf2T1P0X4N+ofoUi1UBRsQT8md6+AyXBCvvsMO5q147cuEIeICr98rUJ38q
Wp3L/Of9CdzFjVAzmD5HaTDFqlRKBw3N1oGGXQOYRUcAh9xL6BekNydiJjUu0OpI
zSo1w6v/noa9sMIbgOkcclScdALzmvIne+fKOYqeCUf3UqFkQ/9h7Y7LvzIAapAU
wlVeyh6GSqGJdAkPV3rHpEv2ZB2BOg==
=y9fp
-----END PGP SIGNATURE-----

--nl2vzqc6b3tqrsag--

--===============4758598901799640273==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

--===============4758598901799640273==--


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[39358] in Kerberos

3 kerberos security issues

daemon@ATHENA.MIT.EDU (Alexander Bergmann via Kerberos)Fri Mar 1 14:31:02 2024

daemon@ATHENA.MIT.EDU (Alexander Bergmann via Kerberos)
Fri Mar 1 14:31:02 2024