Описание
ELSA-2024-8860: krb5 security update (IMPORTANT)
[1.18.2-30.0.1]
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
[1.18.2-30]
- libkrad: implement support for Message-Authenticator (CVE-2024-3596) Resolves: RHEL-50253
- Remove RSA protocol for PKINIT Resolves: RHEL-17616
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
krb5-devel
1.18.2-30.0.1.el8_10
krb5-libs
1.18.2-30.0.1.el8_10
krb5-pkinit
1.18.2-30.0.1.el8_10
krb5-server
1.18.2-30.0.1.el8_10
krb5-server-ldap
1.18.2-30.0.1.el8_10
krb5-workstation
1.18.2-30.0.1.el8_10
libkadm5
1.18.2-30.0.1.el8_10
Oracle Linux x86_64
krb5-devel
1.18.2-30.0.1.el8_10
krb5-libs
1.18.2-30.0.1.el8_10
krb5-pkinit
1.18.2-30.0.1.el8_10
krb5-server
1.18.2-30.0.1.el8_10
krb5-server-ldap
1.18.2-30.0.1.el8_10
krb5-workstation
1.18.2-30.0.1.el8_10
libkadm5
1.18.2-30.0.1.el8_10
Связанные CVE
Связанные уязвимости
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a ...