CLSA-2026-1779461988

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779461988.json

JSON Data

https://api.test.osv.dev/v1/vulns/CLSA-2026-1779461988

Upstream

CVE-2024-3596

CVE-2024-37370

CVE-2024-37371

Published

2026-05-22T14:59:52Z

Modified

2026-05-27T11:18:18.709039491Z

Summary

krb5: Fix of 3 CVEs

Details

CVE-2024-3596: generate and verify Message-Authenticator MACs in libkrad to mitigate the BlastRADIUS attack on the RADIUS protocol; includes follow-up fix for uninitialized pointer dereference in kradpacketdecode_request
CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap token to avoid appearing truncated to application
CVE-2024-37371: fix invalid memory reads during GSS message token handling

References

https://errata.tuxcare.com/els_os/centos-stream8els/CLSA-2026-1779461988.html

Affected packages

TuxCare:CentOS-Stream:8

krb5-devel

Package

Name: krb5-devel
Purl: pkg:rpm/tuxcare/krb5-devel?distro=centos-stream-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.2-27.el8.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779461988.json"

krb5-libs

Package

Name: krb5-libs
Purl: pkg:rpm/tuxcare/krb5-libs?distro=centos-stream-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.2-27.el8.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779461988.json"

krb5-pkinit

Package

Name: krb5-pkinit
Purl: pkg:rpm/tuxcare/krb5-pkinit?distro=centos-stream-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.2-27.el8.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779461988.json"

krb5-server

Package

Name: krb5-server
Purl: pkg:rpm/tuxcare/krb5-server?distro=centos-stream-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.2-27.el8.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779461988.json"

krb5-server-ldap

Package

Name: krb5-server-ldap
Purl: pkg:rpm/tuxcare/krb5-server-ldap?distro=centos-stream-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.2-27.el8.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779461988.json"

krb5-workstation

Package

Name: krb5-workstation
Purl: pkg:rpm/tuxcare/krb5-workstation?distro=centos-stream-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.2-27.el8.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779461988.json"

libkadm5

Package

Name: libkadm5
Purl: pkg:rpm/tuxcare/libkadm5?distro=centos-stream-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.2-27.el8.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779461988.json"