FEDORA-2024-862f5c4156 — security update for krb5

stable

krb5-1.21.3-2.fc39

FEDORA-2024-862f5c4156 created by jrische a year ago for Fedora 39

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the "RSA" method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-862f5c4156

This update has been submitted for testing by jrische.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update has been pushed to testing.

a year ago

filiperosset commented & provided feedback a year ago

karma

no regressions noted

geraldosimiao provided feedback a year ago

karma

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please log in to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

passed

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

14 days

Dates

submitted

a year ago

in testing

a year ago

in stable

a year ago

approved

a year ago

Builds

krb5-1.21.3-2.fc39

BZ#2304071 libkrad: implement support for Message-Authenticator (CVE-2024-3596)

BZ#2322704 Fix various issues detected by static analysis

BZ#2322706 Remove RSA protocol for PKINIT

BZ#2322711 Make TCP waiting time configurable

krb5-1.21.3-2.fc39

Automated Test Results

passed