AVG-2856 log
| Package | krb5 |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.21.2-1 |
| Fixed | 1.21.3-1 |
| Current | 1.21.3-2 [core] |
| Ticket | None |
| Created | Sat Jul 6 16:29:54 2024 |
| Advisory | Pending |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2024-37371 | Medium | Yes | Denial of service | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with... |
| CVE-2024-37370 | Medium | Yes | Content spoofing | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the... |