Groups | Search | Server Info | Login | Register
Groups > comp.protocols.kerberos > #5431
| From | "Greg Hudson" <ghudson@mit.edu> |
|---|---|
| Newsgroups | comp.protocols.kerberos |
| Subject | Re: Regarding confirmation for CVE-2025-57736 in krb5 |
| Date | 2025-09-01 14:32 -0400 |
| Organization | TNet Consulting |
| Message-ID | <mailman.5.1756751541.2340612.kerberos@mit.edu> (permalink) |
| References | <SJ5PPF2C6461432913CDC01CA6643EC6AB1BF07A@SJ5PPF2C6461432.namprd10.prod.outlook.com> <ddb3dfa3-fd53-4ec1-9f3b-476abe37c01e@mit.edu> |
On 9/1/25 03:02, Ankit Srivastava via Kerberos wrote: > Hi Team, > While reviewing Kerberos 1.22.1 release note[...] I have found CVE claim [...] > But the same has not been mentioned in 1.22 ! I'm not sure what this means. The release notes in the (withdrawn) krb5-1.22 tarball can't be changed. > So, does it impact on the user who is using krb5.1.21.3 or prior releases or only the impact on user who has krb5.1.22 ? Only 1.22 is impacted. Prior releases never had this bug, and 1.22.1 fixes it.
Back to comp.protocols.kerberos | Previous | Next | Find similar
Re: Regarding confirmation for CVE-2025-57736 in krb5 "Greg Hudson" <ghudson@mit.edu> - 2025-09-01 14:32 -0400
csiph-web