Source: krb5
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerabilities were published for krb5. They appeared
in the CVE feed, but I doubt they have actually been forwarded to
Kerberos upstream...

CVE-2024-26458[0]:
| Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in
| /krb5/src/lib/rpc/pmap_rmt.c.

https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md

CVE-2024-26461[1]:
| Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in
| /krb5/src/lib/gssapi/krb5/k5sealv3.c.

https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md

CVE-2024-26462[2]:
| Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in
| /krb5/src/kdc/ndr.c.

https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-26458
    https://www.cve.org/CVERecord?id=CVE-2024-26458
[1] https://security-tracker.debian.org/tracker/CVE-2024-26461
    https://www.cve.org/CVERecord?id=CVE-2024-26461
[2] https://security-tracker.debian.org/tracker/CVE-2024-26462
    https://www.cve.org/CVERecord?id=CVE-2024-26462

Please adjust the affected versions in the BTS as needed.