Threats Tagged 'cve-2024-37371'

Red Hat has released an updated rhel9/toolbox container image to address multiple vulnerabilities including CVE-2024-34397, CVE-2024-37370, CVE-2024-37371, and CVE-2024-39331. The toolbox image provides RHEL-based containerized command line environments for development and testing, built on Podman and OCI container technologies. The update is available in the Red Hat container registry and can be pulled using podman commands. This advisory is a bug fix update that addresses security issues in the container image. No known exploits are reported in the wild at this time.

Red Hat has issued a moderate severity security advisory addressing two vulnerabilities (CVE-2024-37370 and CVE-2024-37371) in the krb5 package, which is part of the Kerberos network authentication system. These vulnerabilities relate to GSS message token handling. Kerberos enhances network security by enabling mutual authentication between clients and servers without sending passwords in plaintext. The advisory covers Red Hat Enterprise Linux 8. 4 variants and provides updated packages to remediate the issues. No known exploits are reported in the wild. Users are advised to apply the provided updates to affected systems.

Two security vulnerabilities (CVE-2024-37370 and CVE-2024-37371) affecting the krb5 component of Red Hat Enterprise Linux 8. 8 Extended Update Support have been addressed. These issues relate to GSS message token handling within the Kerberos network authentication system. Red Hat has released an official security update to fix these vulnerabilities. The advisory rates the security impact as moderate (medium severity). No known exploits are reported in the wild at this time. The update is available for multiple architectures and product variants of Red Hat Enterprise Linux 8. 8 EUS. Users should apply the provided security update to remediate these issues.

Red Hat has issued a security advisory (RHSA-2024:5076) addressing two moderate severity vulnerabilities (CVE-2024-37370 and CVE-2024-37371) in the krb5 package used in Red Hat Enterprise Linux 7 Extended Lifecycle Support. These vulnerabilities relate to GSS message token handling. Updated krb5 packages have been released to remediate these issues. No known exploits are reported in the wild. Users of affected Red Hat Enterprise Linux 7 ELS versions should apply the provided security update to mitigate the vulnerabilities.

Two moderate severity vulnerabilities (CVE-2024-37370 and CVE-2024-37371) affecting the krb5 component of Red Hat Enterprise Linux 8 have been addressed. These issues relate to GSS message token handling within the Kerberos network authentication system. A security update is available from Red Hat to remediate these vulnerabilities. The update improves the security of the krb5 package by fixing the identified flaws. No known exploits are reported in the wild at this time.

This advisory addresses two moderate-severity vulnerabilities (CVE-2024-37370 and CVE-2024-37371) in the krb5 package used by Red Hat Enterprise Linux 7. 7 AUS. Both vulnerabilities relate to GSS message token handling within the Kerberos network authentication system. Kerberos enhances network security by avoiding unencrypted password transmission and enabling mutual authentication via a trusted key distribution center. Red Hat has released updated krb5 packages that fix these issues. No known exploits are reported in the wild at this time.

Red Hat has issued a moderate severity security advisory (RHSA-2024:5625) addressing two vulnerabilities (CVE-2024-37370 and CVE-2024-37371) in the krb5 package related to GSS message token handling. These vulnerabilities affect multiple Red Hat Enterprise Linux 8. 6 variants. Kerberos is a network authentication system that helps secure network communications by avoiding unencrypted password transmission. The advisory provides updated krb5 packages to fix these issues. No known exploits in the wild have been reported. Users of affected Red Hat Enterprise Linux versions should apply the provided updates to mitigate the vulnerabilities. More detailed CVSS scores and impact information are available on the respective CVE pages. The vendor advisory confirms the availability of patches and provides instructions for applying them.

A moderate severity security update has been issued for the krb5 package in Red Hat Enterprise Linux 9. 0, addressing vulnerabilities including CVE-2024-37371 related to GSS message token handling. Kerberos is a network authentication system that enhances security by avoiding unencrypted password transmission and enabling mutual authentication via a trusted key distribution center. The update fixes these issues to improve the security of affected Red Hat Enterprise Linux versions. No known exploits are reported in the wild at this time.

Red Hat has issued a moderate severity security advisory (RHSA-2024:5643) addressing two vulnerabilities (CVE-2024-37370 and CVE-2024-37371) in the krb5 package related to GSS message token handling. Kerberos is a network authentication system that enhances security by avoiding unencrypted password transmission. These vulnerabilities affect multiple Red Hat Enterprise Linux 9. 2 Extended Update Support variants across various architectures including x86_64, aarch64, ppc64le, and s390x. The advisory provides updated krb5 packages to fix these issues. No CVSS scores are provided, and no known exploits in the wild have been reported. Users of affected Red Hat Enterprise Linux versions are advised to apply the available security update to mitigate these vulnerabilities.

Red Hat has issued a security advisory for krb5, the Kerberos network authentication system, addressing two vulnerabilities related to GSS message token handling (CVE-2024-37370 and CVE-2024-37371). These vulnerabilities have been rated with moderate security impact by Red Hat. The advisory provides updated krb5 packages for Red Hat Enterprise Linux 8. 2 AUS to remediate these issues. Kerberos helps secure network authentication by avoiding unencrypted password transmission and relies on a trusted key distribution center. The vulnerabilities specifically affect message token handling within the GSS API component of krb5. No CVSS scores are provided in the advisory, and there are no known exploits in the wild at this time.