Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1291545

Bug#1135317: krb5: CVE-2026-40355 CVE-2026-40356

Show all headers | View raw

Source: krb5
Version: 1.22.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for krb5.

CVE-2026-40355[0]:
| In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer
| dereference if an application calls gss_accept_sec_context() on a
| system with a NegoEx mechanism registered in /etc/gss/mech. An
| unauthenticated remote attacker can trigger this, causing the
| process to terminate in parse_nego_message.


CVE-2026-40356[1]:
| In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer
| underflow and resultant out-of-bounds read if an application calls
| gss_accept_sec_context() on a system with a NegoEx mechanism
| registered in /etc/gss/mech. An unauthenticated remote attacker can
| trigger this, possibly causing the process to terminate in
| parse_message.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-40355
    https://www.cve.org/CVERecord?id=CVE-2026-40355
[1] https://security-tracker.debian.org/tracker/CVE-2026-40356
    https://www.cve.org/CVERecord?id=CVE-2026-40356
[2] https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Back to linux.debian.bugs.dist | Previous | Next | Find similar

Thread

Bug#1135317: krb5: CVE-2026-40355 CVE-2026-40356 Salvatore Bonaccorso <carnil@debian.org> - 2026-05-01 07:50 +0200

csiph-web