| Summary: | krb5 new security issues CVE-2024-26458 and CVE-2024-2646[12] | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, jani.valimaa, sysadmin-bugs |
| Version: | 9 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | krb5-1.20.1-1.mga9.src.rpm | CVE: | CVE-2024-26458, CVE-2024-26461, CVE-2024-26462 |
| Status comment: | | | |
Description

Nicolas Salguero 2024-04-09 10:32:46 CEST

Nicolas Salguero 2024-04-09 10:33:57 CEST

Status comment: (none) => Patches available from SUSE

This starting point: https://lwn.net/Articles/968978/

* CVE-2024-26458
* CVE-2024-26461

contains these URLs:

* https://bugzilla.suse.com/show_bug.cgi?id=1220770
* https://bugzilla.suse.com/show_bug.cgi?id=1220771

which lead to what look like these patches:

https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_5.png
https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_1.png

In the absence of an obvious maintainer, assigning this globally. CC'ing wally, who has done most recent commits.

Assignee: bugsquad => pkg-bugs

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. (CVE-2024-26458)

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. (CVE-2024-26461)

References:
https://lwn.net/Articles/968978/
========================

Updated packages in core/updates_testing:
========================
krb5-1.20.1-1.1.mga9
krb5-pkinit-1.20.1-1.1.mga9
krb5-server-1.20.1-1.1.mga9
krb5-server-ldap-1.20.1-1.1.mga9
krb5-workstation-1.20.1-1.1.mga9
lib(64)krb53-1.20.1-1.1.mga9
lib(64)krb53-devel-1.20.1-1.1.mga9

from SRPM:
krb5-1.20.1-1.1.mga9.src.rpm

Version: Cauldron => 9

RH mageia 9 x86_64
LC_ALL=C urpmi /home/katnatek/qa-testing/x86_64/*.rpm
Marking krb5 as manually installed, it won't be auto-orphaned
writing /var/lib/rpm/installed-through-deps.list
installing krb5-1.20.1-1.1.mga9.x86_64.rpm krb5-server-ldap-1.20.1-1.1.mga9.x86_64.rpm lib64krb53-devel-1.20.1-1.1.mga9.x86_64.rpm krb5-pkinit-1.20.1-1.1.mga9.x86_64.rpm krb5-server-1.20.1-1.1.mga9.x86_64.rpm lib64krb53-1.20.1-1.1.mga9.x86_64.rpm krb5-workstation-1.20.1-1.1.mga9.x86_64.rpm from /home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/7: krb5 ##################################################################################################
2/7: lib64krb53 ##################################################################################################
3/7: lib64krb53-devel ##################################################################################################
4/7: krb5-server ##################################################################################################
5/7: krb5-server-ldap ##################################################################################################
6/7: krb5-pkinit ##################################################################################################
7/7: krb5-workstation ##################################################################################################
1/3: removing lib64krb53-devel-1.20.1-1.mga9.x86_64
##################################################################################################
2/3: removing lib64krb53-1.20.1-1.mga9.x86_64
##################################################################################################
3/3: removing krb5-1.20.1-1.mga9.x86_64
##################################################################################################
I think the procedure https://wiki.mageia.org/en/QA_procedure:Krb5 should give some suggestions other than just [If the setup script complains that the forward and reverse DNS settings do not match, post a request for help to the qa discussion list.]

I let in clean install, and wait to see if others do a successful test.
MGA9-64 Plasma Wayland on HP-Pavillion

No installation issues. Followed QA procedure, and it works OK as described, until at the end the krlogin command does not return feedback, and a telnet returns connection refused. This is all quite the same as in previous bugs 31157 and 29260 and 24068, so giving the OK following those and the comment above.

Whiteboard: (none) => MGA9-64-OK

With three bugs for examples, that should be good enough. Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0158.html

Resolution: (none) => FIXED

That update also solved CVE-2024-26462.

CVE: CVE-2024-26458, CVE-2024-26461 => CVE-2024-26458, CVE-2024-26461, CVE-2024-26462
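Once the update is in the Mageia Updates repository, the remaining question on any given host is whether all seven binary packages are really at the fixed release, 1.20.1-1.1.mga9, rather than the 1.20.1-1.mga9 they replace. The script below is an added example for this bug, not code from the Mageia QA procedure or from the krb5 project. It re-implements rpm's rpmvercmp segment ordering in Python (so it runs without the rpm bindings and shows why "1.1.mga9" is newer than "1.mga9") and applies it to a constructed `rpm -qa` listing in which one package was left behind. The package names and the fixed release string come from the advisory above; the assumption that these packages carry no epoch is mine.

```python
"""Check installed krb5 packages against the release that carries the fix.

Added example for this bug, not code from the Mageia QA procedure or the
krb5 project. It re-implements rpm's rpmvercmp() comparison in Python and
runs over a CONSTRUCTED sample of `rpm -qa` output, not the local RPM db.
"""
import re
import sys

# Fixed release from the advisory in this bug (MGASA-2024-0158).
# Assumption: krb5 carries no epoch on Mageia 9, so version-release suffices.
FIXED_EVR = "1.20.1-1.1.mga9"

# Binary packages built from krb5-1.20.1-1.1.mga9.src.rpm (x86_64 names).
AFFECTED = {
    "krb5", "krb5-pkinit", "krb5-server", "krb5-server-ldap",
    "krb5-workstation", "lib64krb53", "lib64krb53-devel",
}

# Constructed sample of `rpm -qa 'krb5*' 'lib64krb53*'` on a host where
# krb5-workstation was left at the pre-fix release.
SAMPLE_RPM_QA = """\
krb5-1.20.1-1.1.mga9.x86_64
krb5-server-1.20.1-1.1.mga9.x86_64
krb5-server-ldap-1.20.1-1.1.mga9.x86_64
krb5-pkinit-1.20.1-1.1.mga9.x86_64
krb5-workstation-1.20.1-1.mga9.x86_64
lib64krb53-1.20.1-1.1.mga9.x86_64
lib64krb53-devel-1.20.1-1.1.mga9.x86_64
"""

# rpm splits on runs of digits and runs of letters; '.' and '-' are separators.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1/0/1 like rpm's rpmvercmp (the newer '^' separator is not handled).

    Numeric segments beat alphabetic ones, a leftover segment beats end of
    string, and '~' sorts before everything including end of string.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    i = 0
    while i < len(sa) or i < len(sb):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":          # tilde: pre-release marker
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        if x is None:                     # a ran out of segments first
            return -1
        if y is None:
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:                      # numeric > alphabetic
            return 1 if xd else -1
        if xd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
        i += 1
    return 0


def evrcmp(a: str, b: str) -> int:
    """Compare '[epoch:]version[-release]' strings: epoch, then version, then release."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return epoch or "0", version, release
    for x, y in zip(split(a), split(b)):
        r = rpmvercmp(x, y)
        if r:
            return r
    return 0


def parse_nvra(line: str):
    """Split 'name-version-release.arch' into (name, 'version-release')."""
    name, version, release_arch = line.strip().rsplit("-", 2)
    release, _, _arch = release_arch.rpartition(".")
    return name, f"{version}-{release}"


def unpatched(rpm_qa_output: str, fixed_evr: str = FIXED_EVR):
    """Return installed NVRAs of affected packages that are older than the fix."""
    stale = []
    for line in rpm_qa_output.splitlines():
        if not line.strip():
            continue
        name, evr = parse_nvra(line)
        if name in AFFECTED and evrcmp(evr, fixed_evr) < 0:
            stale.append(line.strip())
    return stale


if __name__ == "__main__":
    # Real use:  rpm -qa 'krb5*' 'lib64krb53*' | python3 check_krb5.py
    listing = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_RPM_QA
    stale = unpatched(listing)
    for nvra in stale:
        print(f"NOT FIXED: {nvra} (< {FIXED_EVR})")
    sys.exit(1 if stale else 0)
```

Run with no input it reports the constructed krb5-workstation line; pipe real `rpm -qa` output into it on a Mageia 9 host and a non-zero exit means at least one of the seven packages is still at a pre-fix release. The full-set install logged above updates all seven in one transaction, so a mixed state is unlikely there, but it is exactly what an interrupted or partial urpmi run leaves behind.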