33344 – krb5 new security issues CVE-2024-3737[01]

Bug 33344 - krb5 new security issues CVE-2024-3737[01]

Summary: krb5 new security issues CVE-2024-3737[01]

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2024-07-01 09:05 CEST by Nicolas Salguero
Modified:	2024-07-03 18:37 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	krb5-1.20.1-1.1.mga9.src.rpm
CVE:	CVE-2024-37370, CVE-2024-37371
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-07-01 09:05:02 CEST

Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/06/28/5

The problem is solved with version 1.21.3 or with: https://github.com/krb5/krb5/commit/b0a2f8a5365f2eec3e27d78907de9f9d2c80505a

Mageia 9 is also affected.

Nicolas Salguero 2024-07-01 09:05:34 CEST

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-37370, CVE-2024-37371
Status comment: (none) => Fixed upstream in 1.21.3 and patch available from upstream
Source RPM: (none) => krb5-1.21.2-3.mga10.src.rpm

Comment 1 Nicolas Salguero 2024-07-01 14:13:39 CEST

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. (CVE-2024-37370)

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. (CVE-2024-37371)

References:
https://www.openwall.com/lists/oss-security/2024/06/28/5
========================

Updated packages in core/updates_testing:
========================
krb5-1.20.1-1.2.mga9
krb5-pkinit-1.20.1-1.2.mga9
krb5-server-1.20.1-1.2.mga9
krb5-server-ldap-1.20.1-1.2.mga9
krb5-workstation-1.20.1-1.2.mga9
lib(64)krb53-1.20.1-1.2.mga9
lib(64)krb53-devel-1.20.1-1.2.mga9

from SRPM:
krb5-1.20.1-1.2.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Source RPM: krb5-1.21.2-3.mga10.src.rpm => krb5-1.20.1-1.1.mga9.src.rpm
Status comment: Fixed upstream in 1.21.3 and patch available from upstream => (none)
Version: Cauldron => 9
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs

katnatek 2024-07-01 21:46:00 CEST

Keywords: (none) => advisory

Comment 2 Herman Viaene 2024-07-03 10:53:52 CEST

MGA9-64 Plasma Wayland on HP-Pavillion
No installation issues.
Followed wiki with success, good to go.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

Comment 3 Thomas Andrews 2024-07-03 14:09:45 CEST

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 4 Mageia Robot 2024-07-03 18:37:21 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0253.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.