Security update for krb5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20051-1 Final 1 1 2025-02-03T08:56:00Z current 2025-02-03T08:56:00Z 2025-02-03T08:56:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for krb5 This update for krb5 fixes the following issues: - CVE-2024-37370: Confidential GSS krb5 wrap tokens with invalid plaintext Extra Count fields were erroneously accepted during unwrap (bsc#1227186) - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187) - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770) - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771) - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-74 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520051-1/ Link for SUSE-SU-2025:20051-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021275.html E-Mail link for SUSE-SU-2025:20051-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1220770 SUSE Bug 1220770 https://bugzilla.suse.com/1220771 SUSE Bug 1220771 https://bugzilla.suse.com/1220772 SUSE Bug 1220772 https://bugzilla.suse.com/1227186 SUSE Bug 1227186 https://bugzilla.suse.com/1227187 SUSE Bug 1227187 https://www.suse.com/security/cve/CVE-2024-26458/ SUSE CVE CVE-2024-26458 page https://www.suse.com/security/cve/CVE-2024-26461/ SUSE CVE CVE-2024-26461 page https://www.suse.com/security/cve/CVE-2024-26462/ SUSE CVE CVE-2024-26462 page https://www.suse.com/security/cve/CVE-2024-37370/ SUSE CVE CVE-2024-37370 page https://www.suse.com/security/cve/CVE-2024-37371/ SUSE CVE CVE-2024-37371 page SUSE Linux Micro 6.0 krb5-1.20.1-5.1 krb5-1.20.1-5.1 as a component of SUSE Linux Micro 6.0 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. CVE-2024-26458 SUSE Linux Micro 6.0:krb5-1.20.1-5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520051-1/ https://www.suse.com/security/cve/CVE-2024-26458.html CVE-2024-26458 https://bugzilla.suse.com/1220770 SUSE Bug 1220770 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461 SUSE Linux Micro 6.0:krb5-1.20.1-5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520051-1/ https://www.suse.com/security/cve/CVE-2024-26461.html CVE-2024-26461 https://bugzilla.suse.com/1220770 SUSE Bug 1220770 https://bugzilla.suse.com/1220771 SUSE Bug 1220771 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. CVE-2024-26462 SUSE Linux Micro 6.0:krb5-1.20.1-5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520051-1/ https://www.suse.com/security/cve/CVE-2024-26462.html CVE-2024-26462 https://bugzilla.suse.com/1220770 SUSE Bug 1220770 https://bugzilla.suse.com/1220772 SUSE Bug 1220772 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 SUSE Linux Micro 6.0:krb5-1.20.1-5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520051-1/ https://www.suse.com/security/cve/CVE-2024-37370.html CVE-2024-37370 https://bugzilla.suse.com/1227186 SUSE Bug 1227186 https://bugzilla.suse.com/1227187 SUSE Bug 1227187 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. CVE-2024-37371 SUSE Linux Micro 6.0:krb5-1.20.1-5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520051-1/ https://www.suse.com/security/cve/CVE-2024-37371.html CVE-2024-37371 https://bugzilla.suse.com/1227186 SUSE Bug 1227186 https://bugzilla.suse.com/1227187 SUSE Bug 1227187