-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4065-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès February 23, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : krb5 Version : 1.18.3-6+deb11u6 CVE ID : CVE-2025-24528 Debian Bug : 1094730 MIT krb5 a popular implementation of Kerberos 5 protocol was affected by a vulnerability. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash. For Debian 11 bullseye, this problem has been fixed in version 1.18.3-6+deb11u6. We recommend that you upgrade your krb5 packages. For the detailed security status of krb5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/krb5 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAme7lNwACgkQADoaLapB CF8tSQ//QOOyjXcB8Wl+dbZJ3XgnADQg1djE2FPgRSy9I7FmPuCrfPqe5s4vJVnd J0ESnBZd33A++eu6u7XVDSSrVMlABEfT4SbYuqQOUQiDA7BvXWL/wdMvZlkgGodJ FKKY0jbpzfQ3MXNm+Or3fsmQgWRBkCLwOkr6QaU5w9I+tSSPFO9bnJHSXwJr/cZJ cwWyTQd9MRHwpibg5kzTHGS6jDD1pkVc+dQCgbkzrcwi2q2HsNMfwFpqtJ5Qa3kw 2lfEAW+s4VlrZnvzI0eRhglCvTe4S65rBNN3T9c/jyWUXGJZaZEwY6ldIEA5YeXS x2dOjUP/6yVGAzLUOITmrC7aAcyspHzPlE3qTtXRpDubgF9PMsJXAW3oa88HgCG7 tVI7CgJsxHkK8ZRt3GxJamYY7SnDICimhZhrqzHkJW5hws3yf4vC65O40XxI0Pp1 mVHRGB/NjwSH+yv7NhA4rvov2yDBM3QxCSWydNcmw44hbPhRbkP1MUQpELbbHP8W YiyxJ+4IFtIRBid49fTn/nP1ccp8/lMjrXWK2llV5r54AZtqyWh8a6CAPIxEtZsP JltDtbNWSiKbZT+HxTMWjMPFqSXk779LZ6z+/CjcMS7uGnzXRPKr/A5yvkVlCnbf kktEv3bmXgWFor8gdnO9mrAi8VXqeJhEOOPHVFi0ITdvbt62Ozo= =v6av -----END PGP SIGNATURE-----
