|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2024-26458: krb5: memory leak at /krb5/src/lib/rpc/pmap_rmt.c | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | SUSE Samba Team <samba> |
| Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | abergmann, camila.matos, davide.benini, samba-maintainers, scabrero, security-team, stoyan.manolov |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/395561/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2024-26458:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
SMASH SMASH
2024-03-01 11:16:14 UTC
https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html On 3/1/24 07:13, Alexander Bergmann via Kerberos wrote: > We got notified via NVD about 3 new security issues. Right now there > seams to be no upstream reference. Could someone please comment on this? > > CVE-2024-26458: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c > CVE-2024-26461: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c > CVE-2024-26462: Memory leak at /krb5/src/kdc/ndr.c These CVEs appear to be the result of someone running a static analysis tool over the MIT krb5 code base and assigning CVEs to each resulting defect, without performing any additional impact analysis or upstream consultation. The pmap_rmt.c leak only affects pmap_rmtcall(), which is unused by the rest of the krb5 code base and likely unused by anyone else. The k5sealv3.c leak affects an encoding function, and happens on a bounds check which likely cannot be triggered with any choice of memory-valid API inputs. (The bounds check was itself introduced to quash a different static analysis defect.) The ndr.c leak also affects an encoding function, and triggers if the input contains invalid UTF-8. This one might be triggerable by a request (though it may require elevated privilege), but I would not have requested a CVE for it myself. I will fix these on the mainline, but I only expect to assign a ticket to the third one. SUSE-SU-2024:0997-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1220770, 1220771, 1220772 CVE References: CVE-2024-26458, CVE-2024-26461, CVE-2024-26462 Maintenance Incident: [SUSE:Maintenance:33037](https://smelt.suse.de/incident/33037/) Sources used: openSUSE Leap 15.5 (src): krb5-mini-1.20.1-150500.3.6.1, krb5-1.20.1-150500.3.6.1 SUSE Linux Enterprise Micro 5.5 (src): krb5-1.20.1-150500.3.6.1 Basesystem Module 15-SP5 (src): krb5-1.20.1-150500.3.6.1 Server Applications Module 15-SP5 (src): krb5-1.20.1-150500.3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2024:0999-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1220770, 1220771 CVE References: CVE-2024-26458, CVE-2024-26461 Maintenance Incident: [SUSE:Maintenance:33040](https://smelt.suse.de/incident/33040/) Sources used: SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): krb5-1.16.3-150100.3.33.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): krb5-1.16.3-150100.3.33.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): krb5-1.16.3-150100.3.33.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2024:1001-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1220770, 1220771 CVE References: CVE-2024-26458, CVE-2024-26461 Maintenance Incident: [SUSE:Maintenance:33039](https://smelt.suse.de/incident/33039/) Sources used: SUSE Enterprise Storage 7.1 (src): krb5-1.19.2-150300.16.1 SUSE Linux Enterprise Micro 5.1 (src): krb5-1.19.2-150300.16.1 SUSE Linux Enterprise Micro 5.2 (src): krb5-1.19.2-150300.16.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): krb5-1.19.2-150300.16.1 openSUSE Leap 15.3 (src): krb5-1.19.2-150300.16.1, krb5-mini-1.19.2-150300.16.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): krb5-1.19.2-150300.16.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): krb5-1.19.2-150300.16.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): krb5-1.19.2-150300.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2024:1006-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1220770, 1220771 CVE References: CVE-2024-26458, CVE-2024-26461 Maintenance Incident: [SUSE:Maintenance:33038](https://smelt.suse.de/incident/33038/) Sources used: SUSE Manager Proxy 4.3 (src): krb5-1.19.2-150400.3.9.1 SUSE Manager Retail Branch Server 4.3 (src): krb5-1.19.2-150400.3.9.1 SUSE Manager Server 4.3 (src): krb5-1.19.2-150400.3.9.1 openSUSE Leap 15.4 (src): krb5-1.19.2-150400.3.9.1, krb5-mini-1.19.2-150400.3.9.1 openSUSE Leap Micro 5.3 (src): krb5-1.19.2-150400.3.9.1 openSUSE Leap Micro 5.4 (src): krb5-1.19.2-150400.3.9.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): krb5-1.19.2-150400.3.9.1 SUSE Linux Enterprise Micro 5.3 (src): krb5-1.19.2-150400.3.9.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): krb5-1.19.2-150400.3.9.1 SUSE Linux Enterprise Micro 5.4 (src): krb5-1.19.2-150400.3.9.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): krb5-1.19.2-150400.3.9.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): krb5-1.19.2-150400.3.9.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): krb5-1.19.2-150400.3.9.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): krb5-1.19.2-150400.3.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): krb5-1.19.2-150400.3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. As indicated at https://bugzilla.suse.com/show_bug.cgi?id=1221579#c3, point 2, I think 11SP4 is affected, but I see in smash it's still under analysis. Security team, could you confirm 11SP4 is affected? SUSE-SU-2024:1148-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1220770, 1220771 CVE References: CVE-2024-26458, CVE-2024-26461 Maintenance Incident: [SUSE:Maintenance:33148](https://smelt.suse.de/incident/33148/) Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): krb5-1.16.3-46.6.1 SUSE Linux Enterprise Server 12 SP5 (src): krb5-1.16.3-46.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): krb5-1.16.3-46.6.1 SUSE Linux Enterprise Software Development Kit 12 SP5 (src): krb5-1.16.3-46.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. This is an autogenerated message for OBS integration: This bug (1220770) was mentioned in https://build.opensuse.org/request/show/1185764 Factory / krb5 |