ELSA-2024-8788

Опубликовано: 30 нояб. 2024

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2024-8788: krb5 security update (IMPORTANT)

[1.15.1-55.0.7]

libkrad: implement support for Message-Authenticator (CVE-2024-3596) [Orabug: 37241077]

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

krb5-devel

1.15.1-55.0.7.el7_9

krb5-libs

1.15.1-55.0.7.el7_9

krb5-pkinit

1.15.1-55.0.7.el7_9

krb5-server

1.15.1-55.0.7.el7_9

krb5-server-ldap

1.15.1-55.0.7.el7_9

krb5-workstation

1.15.1-55.0.7.el7_9

libkadm5

1.15.1-55.0.7.el7_9

Oracle Linux x86_64

krb5-devel

1.15.1-55.0.7.el7_9

krb5-libs

1.15.1-55.0.7.el7_9

krb5-pkinit

1.15.1-55.0.7.el7_9

krb5-server

1.15.1-55.0.7.el7_9

krb5-server-ldap

1.15.1-55.0.7.el7_9

krb5-workstation

1.15.1-55.0.7.el7_9

libkadm5

1.15.1-55.0.7.el7_9

Связанные CVE

CVE-2024-3596

Ссылки на источники

Связанные уязвимости

CVE-2024-3596

CVSS3: 9

ubuntu

11 месяцев назад

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.