Lucene search
OracleLinuxELSA-2024-5312HistoryAug 13, 2024 - 12:00 a.m.
krb5 security update
2024-08-1300:00:00
linux.oracle.com
31
krb5
security update
race condition
vulnerabilities
cve-2024-37370
cve-2024-37371
rhel-45398
rhel-45386
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
7.1
Confidence
Low
EPSS
0.001
Percentile
37.7%
[1.18.2-29.0.1]
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
[1.18.2-29] - CVE-2024-37370 CVE-2024-37371
Fix vulnerabilities in GSS message token handling
Resolves: RHEL-45398 RHEL-45386
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | krb5 | < 1.18.2-29.0.1.el8_10 | krb5-1.18.2-29.0.1.el8_10.src.rpm |
| oracle linux | 8 | src | krb5 | < 1.18.2-29.0.1.el8_10 | krb5-1.18.2-29.0.1.el8_10.src.rpm |
| oracle linux | 8 | aarch64 | krb5-devel | < 1.18.2-29.0.1.el8_10 | krb5-devel-1.18.2-29.0.1.el8_10.aarch64.rpm |
| oracle linux | 8 | aarch64 | krb5-devel | < 1.18.2-29.0.1.el8_10 | krb5-devel-1.18.2-29.0.1.el8_10.aarch64.rpm |
| oracle linux | 8 | aarch64 | krb5-libs | < 1.18.2-29.0.1.el8_10 | krb5-libs-1.18.2-29.0.1.el8_10.aarch64.rpm |
| oracle linux | 8 | aarch64 | krb5-libs | < 1.18.2-29.0.1.el8_10 | krb5-libs-1.18.2-29.0.1.el8_10.aarch64.rpm |
| oracle linux | 8 | aarch64 | krb5-pkinit | < 1.18.2-29.0.1.el8_10 | krb5-pkinit-1.18.2-29.0.1.el8_10.aarch64.rpm |
| oracle linux | 8 | aarch64 | krb5-pkinit | < 1.18.2-29.0.1.el8_10 | krb5-pkinit-1.18.2-29.0.1.el8_10.aarch64.rpm |
| oracle linux | 8 | aarch64 | krb5-server | < 1.18.2-29.0.1.el8_10 | krb5-server-1.18.2-29.0.1.el8_10.aarch64.rpm |
| oracle linux | 8 | aarch64 | krb5-server | < 1.18.2-29.0.1.el8_10 | krb5-server-1.18.2-29.0.1.el8_10.aarch64.rpm |
Related
nessus
nessus
RHEL 9 : krb5 (RHSA-2024:5643)
2024-08-20 00:00:00
RHEL 8 : krb5 (RHSA-2024:4734)
2024-07-23 00:00:00
EulerOS 2.0 SP10 : krb5 (EulerOS-SA-2024-2419)
2024-09-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2305-1)
2024-07-08 00:00:00
Debian: Security Advisory (DSA-5726-1)
2024-07-08 00:00:00
Ubuntu: Security Advisory (USN-6947-1)
2024-08-09 00:00:00
almalinux
almalinux
Moderate: krb5 security update
2024-08-13 00:00:00
Moderate: krb5 security update
2024-09-03 00:00:00
redhat
redhat
(RHSA-2024:5076) Moderate: krb5 security update
2024-08-07 09:57:22
(RHSA-2024:5625) Moderate: krb5 security update
2024-08-20 15:33:03
(RHSA-2024:4734) Moderate: krb5 security update
2024-07-23 14:41:35
mageia
mageia
Updated krb5 packages fix security vulnerabilities
2024-07-03 19:36:28
osv
osv
krb5 vulnerabilities
2024-08-08 02:20:23
Moderate: krb5 security update
2024-08-13 00:00:00
krb5 - security update
2024-07-05 00:00:00
oraclelinux
oraclelinux
krb5 security update
2024-09-03 00:00:00
amazon
amazon
Medium: krb5
2024-07-18 02:00:00
ubuntucve
ubuntucve
CVE-2024-37371
2024-06-28 00:00:00
CVE-2024-37370
2024-06-28 00:00:00
redos
redos
ROS-20240911-04
2024-09-11 00:00:00
ibm
ibm
ubuntu
ubuntu
Kerberos vulnerabilities
2024-08-08 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-4.0-0679
2024-09-02 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0355
2024-08-26 00:00:00
Critical Photon OS Security Update - PHSA-2024-3.0-0791
2024-09-04 00:00:00
alpinelinux
alpinelinux
CVE-2024-37371
2024-06-28 23:15:11
CVE-2024-37370
2024-06-28 22:15:02
cbl_mariner
cbl_mariner
CVE-2024-37371 affecting package krb5 for versions less than 1.21.3-1
2024-08-05 03:22:58
CVE-2024-37370 affecting package krb5 for versions less than 1.21.3-1
2024-08-05 03:22:58
CVE-2024-37370 affecting package krb5 for versions less than 1.21.3-1
2024-08-14 20:43:58
veracode
veracode
Plaintext Modification
2024-07-01 11:00:24
Denial Of Service (DoS)
2024-07-01 11:46:03
fedora
fedora
[SECURITY] Fedora 40 Update: krb5-1.21.3-1.fc40
2024-07-13 02:46:57
[SECURITY] Fedora 39 Update: krb5-1.21.3-1.fc39
2024-07-17 01:19:01
cve
cve
CVE-2024-37371
2024-06-28 23:15:11
CVE-2024-37370
2024-06-28 22:15:02
nvd
nvd
CVE-2024-37370
2024-06-28 22:15:02
CVE-2024-37371
2024-06-28 23:15:11
redhatcve
redhatcve
CVE-2024-37370
2024-06-28 05:08:57
CVE-2024-37371
2024-06-28 05:08:51
debiancve
debiancve
CVE-2024-37370
2024-06-28 22:15:02
CVE-2024-37371
2024-06-28 23:15:11
vulnrichment
vulnrichment
CVE-2024-37370
2024-06-28 00:00:00
CVE-2024-37371
2024-06-28 00:00:00
cvelist
cvelist
CVE-2024-37371
2024-06-28 00:00:00
CVE-2024-37370
2024-06-28 00:00:00
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
7.1
Confidence
Low
EPSS
0.001
Percentile
37.7%
Related for ELSA-2024-5312