FEDORA-2024-c0961d31b8 — security update for krb5

stable

krb5-1.21.3-3.fc41

FEDORA-2024-c0961d31b8 created by jrische 9 months ago for Fedora 41

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the "RSA" method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-c0961d31b8

This update has been submitted for testing by jrische.

9 months ago

This update's test gating status has been changed to 'waiting'.

9 months ago

This update's test gating status has been changed to 'passed'.

9 months ago

This update has been pushed to testing.

9 months ago

bojan provided feedback 9 months ago

karma

derekenz commented & provided feedback 9 months ago

karma

Works

This update can be pushed to stable now if the maintainer wishes

9 months ago

geraldosimiao provided feedback 8 months ago

karma

This update has been submitted for stable by bodhi.

8 months ago

filiperosset commented & provided feedback 8 months ago

karma

works for me

This update has been pushed to stable.

8 months ago

Please log in to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

passed

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

14 days

Dates

submitted

9 months ago

in testing

9 months ago

in stable

8 months ago

approved

8 months ago

Builds

krb5-1.21.3-3.fc41

BZ#2304071 libkrad: implement support for Message-Authenticator (CVE-2024-3596)

BZ#2322704 Fix various issues detected by static analysis

BZ#2322706 Remove RSA protocol for PKINIT

BZ#2322711 Make TCP waiting time configurable

krb5-1.21.3-3.fc41

Automated Test Results

passed