Описание
ELSA-2024-9474: krb5 security update (IMPORTANT)
[1.21.1-4.0.1]
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
[1.21.1-4]
- libkrad: implement support for Message-Authenticator (CVE-2024-3596) Resolves: RHEL-55423
- Fix various issues detected by static analysis Resolves: RHEL-58216
- Remove RSA protocol for PKINIT Resolves: RHEL-15323
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
krb5-devel
1.21.1-4.0.1.el9_5
krb5-libs
1.21.1-4.0.1.el9_5
krb5-pkinit
1.21.1-4.0.1.el9_5
krb5-server
1.21.1-4.0.1.el9_5
krb5-server-ldap
1.21.1-4.0.1.el9_5
krb5-workstation
1.21.1-4.0.1.el9_5
libkadm5
1.21.1-4.0.1.el9_5
Oracle Linux x86_64
krb5-devel
1.21.1-4.0.1.el9_5
krb5-libs
1.21.1-4.0.1.el9_5
krb5-pkinit
1.21.1-4.0.1.el9_5
krb5-server
1.21.1-4.0.1.el9_5
krb5-server-ldap
1.21.1-4.0.1.el9_5
krb5-workstation
1.21.1-4.0.1.el9_5
libkadm5
1.21.1-4.0.1.el9_5
Связанные CVE
Связанные уязвимости
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a ...