Gentoo alert 202405-11 (MIT krb5)
From: glsamaker@gentoo.org
To: gentoo-announce@lists.gentoo.org
Subject: [gentoo-announce] [ GLSA 202405-11 ] MIT krb5: Multiple Vulnerabilities
Date: Sun, 05 May 2024 07:14:21 -0000
Message-ID: <171489326149.8.611995914739645431@987c7955d8b1>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202405-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: MIT krb5: Multiple Vulnerabilities
     Date: May 05, 2024
     Bugs: #803434, #809845, #879875, #917464
       ID: 202405-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in MIT krb5, the worst of
which could lead to remote code execution.

Background
==========

MIT krb5 is the free implementation of the Kerberos network
authentication protocol by the Massachusetts Institute of Technology.

Affected packages
=================

Package             Vulnerable    Unaffected
------------------  ------------  ------------
app-crypt/mit-krb5  < 1.21.2      >= 1.21.2

Description
===========

Multiple vulnerabilities have been discovered in MIT krb5. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MIT krb5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.21.2"

References
==========

[ 1 ] CVE-2021-36222
      https://nvd.nist.gov/vuln/detail/CVE-2021-36222
[ 2 ] CVE-2021-37750
      https://nvd.nist.gov/vuln/detail/CVE-2021-37750
[ 3 ] CVE-2022-42898
      https://nvd.nist.gov/vuln/detail/CVE-2022-42898
[ 4 ] CVE-2023-36054
      https://nvd.nist.gov/vuln/detail/CVE-2023-36054
[ 5 ] CVE-2023-39975
      https://nvd.nist.gov/vuln/detail/CVE-2023-39975

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5