[SECURITY] [DLA 4065-1] krb5 security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4065-1] krb5 security update
From: rouca@debian.org
Date: Sun, 23 Feb 2025 21:36:28 +0000
Message-id: <[🔎] b6dd5fc785897b5870a9b8ff19c5c764@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4065-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
February 23, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : krb5
Version        : 1.18.3-6+deb11u6
CVE ID         : CVE-2025-24528
Debian Bug     : 1094730

MIT krb5 a popular implementation of Kerberos 5 protocol was
affected by a vulnerability.

An authenticated attacker can cause kadmind to write beyond
the end of the mapped region for the iprop log file, likely causing a
process crash.

For Debian 11 bullseye, this problem has been fixed in version
1.18.3-6+deb11u6.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/krb5

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAme7lNwACgkQADoaLapB
CF8tSQ//QOOyjXcB8Wl+dbZJ3XgnADQg1djE2FPgRSy9I7FmPuCrfPqe5s4vJVnd
J0ESnBZd33A++eu6u7XVDSSrVMlABEfT4SbYuqQOUQiDA7BvXWL/wdMvZlkgGodJ
FKKY0jbpzfQ3MXNm+Or3fsmQgWRBkCLwOkr6QaU5w9I+tSSPFO9bnJHSXwJr/cZJ
cwWyTQd9MRHwpibg5kzTHGS6jDD1pkVc+dQCgbkzrcwi2q2HsNMfwFpqtJ5Qa3kw
2lfEAW+s4VlrZnvzI0eRhglCvTe4S65rBNN3T9c/jyWUXGJZaZEwY6ldIEA5YeXS
x2dOjUP/6yVGAzLUOITmrC7aAcyspHzPlE3qTtXRpDubgF9PMsJXAW3oa88HgCG7
tVI7CgJsxHkK8ZRt3GxJamYY7SnDICimhZhrqzHkJW5hws3yf4vC65O40XxI0Pp1
mVHRGB/NjwSH+yv7NhA4rvov2yDBM3QxCSWydNcmw44hbPhRbkP1MUQpELbbHP8W
YiyxJ+4IFtIRBid49fTn/nP1ccp8/lMjrXWK2llV5r54AZtqyWh8a6CAPIxEtZsP
JltDtbNWSiKbZT+HxTMWjMPFqSXk779LZ6z+/CjcMS7uGnzXRPKr/A5yvkVlCnbf
kktEv3bmXgWFor8gdnO9mrAi8VXqeJhEOOPHVFi0ITdvbt62Ozo=
=v6av
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4064-1] libxml2 security update
Next by Date: [SECURITY] [DLA 4066-1] fort-validator security update
Previous by thread: [SECURITY] [DLA 4064-1] libxml2 security update
Next by thread: [SECURITY] [DLA 4066-1] fort-validator security update
Index(es):
- Date
- Thread