Read Time:45 Second

FEDORA-2024-df2c70dba9

Packages in this update:

krb5-1.21.3-1.fc39

Update description:

This update fixes multiple CVEs and rebases to the latest upstream version:

* Tue Jul 09 2024 Julien Rische <jrische@redhat.com> – 1.21.3-1
– New upstream version (1.21.3)
– CVE-2024-26458: Memory leak in src/lib/rpc/pmap_rmt.c
Resolves: rhbz#2266732
– CVE-2024-26461: Memory leak in src/lib/gssapi/krb5/k5sealv3.c
Resolves: rhbz#2266741
– CVE-2024-26462: Memory leak in src/kdc/ndr.c
Resolves: rhbz#2266743
– Add missing SPDX license identifiers
Resolves: rhbz#2265333

* Mon Jul 08 2024 Julien Rische <jrische@redhat.com> – 1.21.2-6
– CVE-2024-37370 CVE-2024-37371: GSS message token handling
Resolves: rhbz#2294678 rhbz#2294680
– Fix double free in klist’s show_ccache()
Resolves: rhbz#2257301
– Do not include files with “~” termination in krb5-tests

Read More