[SECURITY] [DLA 4065-1] krb5 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4065-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucariès
February 23, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : krb5
Version        : 1.18.3-6+deb11u6
CVE ID         : CVE-2025-24528
Debian Bug     : 1094730

MIT krb5, a popular implementation of the Kerberos 5 protocol, was
affected by a vulnerability.

An authenticated attacker can cause kadmind to write beyond
the end of the mapped region for the iprop log file, likely causing a
process crash.

For Debian 11 bullseye, this problem has been fixed in version
1.18.3-6+deb11u6.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/krb5

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS