krb5 on Alpine3.18 has Critical Vulnurability
Package Information
- Name: krb5
- Homepage: https://pkgs.alpinelinux.org/package/v3.18/main/x86_64/krb5
Description
Greetings Alpine team!
krb5-1.20.2-r0 has critical vulnerability. It was found on June 27, 2024, so it is present for 4 months already.
Reference links:
- https://access.redhat.com/errata/RHSA-2024:6166
- https://access.redhat.com/security/cve/CVE-2024-37371
- https://bugzilla.redhat.com/2294676
- Toggle more links
- https://bugzilla.redhat.com/2294677
- https://errata.almalinux.org/9/ALSA-2024-6166.html
- https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
- https://linux.oracle.com/cve/CVE-2024-37371.html
- https://linux.oracle.com/errata/ELSA-2024-6166.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-37371
- https://ubuntu.com/security/notices/USN-6947-1
- https://web.mit.edu/kerberos/www/advisories/
- https://web.mit.edu/kerberos/www/krb5-1.21/
- https://www.cve.org/CVERecord?id=CVE-2024-37371
Please upgrade the subject to the latest version where the fix is present - 1.20.3-r0
Thank you in advance!