In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. Reference and upstream patch: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
Created krb5 tracking bugs for this issue: Affects: fedora-all [bug 2294680]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Via RHSA-2024:4734 https://access.redhat.com/errata/RHSA-2024:4734
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support. Via RHSA-2024:4743 https://access.redhat.com/errata/RHSA-2024:4743
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support. Via RHSA-2024:5076 https://access.redhat.com/errata/RHSA-2024:5076
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2024:5312 https://access.redhat.com/errata/RHSA-2024:5312
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support. Via RHSA-2024:5316 https://access.redhat.com/errata/RHSA-2024:5316
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Via RHSA-2024:5630 https://access.redhat.com/errata/RHSA-2024:5630
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Via RHSA-2024:5625 https://access.redhat.com/errata/RHSA-2024:5625
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support. Via RHSA-2024:5643 https://access.redhat.com/errata/RHSA-2024:5643
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support. Via RHSA-2024:5884 https://access.redhat.com/errata/RHSA-2024:5884
This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2024:6166 https://access.redhat.com/errata/RHSA-2024:6166