In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Reference and upstream patch:
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef

Created krb5 tracking bugs for this issue:

  Affects: fedora-all [bug 2294678]

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4734 https://access.redhat.com/errata/RHSA-2024:4734

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4743 https://access.redhat.com/errata/RHSA-2024:4743

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:5076 https://access.redhat.com/errata/RHSA-2024:5076

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5312 https://access.redhat.com/errata/RHSA-2024:5312

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2024:5316 https://access.redhat.com/errata/RHSA-2024:5316

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:5625 https://access.redhat.com/errata/RHSA-2024:5625

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5643 https://access.redhat.com/errata/RHSA-2024:5643

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:5884 https://access.redhat.com/errata/RHSA-2024:5884

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6166 https://access.redhat.com/errata/RHSA-2024:6166

This issue has been addressed in the following products:

  Service Interconnect 1.4 for RHEL 9

Via RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213

This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 9

Via RHSA-2024:7374 https://access.redhat.com/errata/RHSA-2024:7374