Fedora Linux 8799 Published by

Fedora Linux has received security upgrades for krb5 and microcode_ctl:

Fedora 39 Update: krb5-1.21.3-2.fc39
Fedora 40 Update: krb5-1.21.3-2.fc40
Fedora 41 Update: microcode_ctl-2.1-66.fc41




[SECURITY] Fedora 39 Update: krb5-1.21.3-2.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-862f5c4156
2024-11-15 03:21:06.286197
--------------------------------------------------------------------------------

Name : krb5
Product : Fedora 39
Version : 1.21.3
Release : 2.fc39
URL : https://web.mit.edu/kerberos/www/
Summary : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.

--------------------------------------------------------------------------------
Update Information:

Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for
Message-Authenticator attribute)
Marvin attack: Removal of the "RSA" method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting
added)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2024 Julien Rische [jrische@redhat.com] - 1.21.3-2
- libkrad: implement support for Message-Authenticator (CVE-2024-3596)
Resolves: rhbz#2304071
- Fix various issues detected by static analysis
Resolves: rhbz#2322704
- Remove RSA protocol for PKINIT
Resolves: rhbz#2322706
- Make TCP waiting time configurable
Resolves: rhbz#2322711
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2304071 - libkrad: implement support for Message-Authenticator (CVE-2024-3596)
https://bugzilla.redhat.com/show_bug.cgi?id=2304071
[ 2 ] Bug #2322704 - Fix various issues detected by static analysis
https://bugzilla.redhat.com/show_bug.cgi?id=2322704
[ 3 ] Bug #2322706 - Remove RSA protocol for PKINIT
https://bugzilla.redhat.com/show_bug.cgi?id=2322706
[ 4 ] Bug #2322711 - Make TCP waiting time configurable
https://bugzilla.redhat.com/show_bug.cgi?id=2322711
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-862f5c4156' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: krb5-1.21.3-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-29a74ac2b0
2024-11-15 03:17:43.956683
--------------------------------------------------------------------------------

Name : krb5
Product : Fedora 40
Version : 1.21.3
Release : 2.fc40
URL : https://web.mit.edu/kerberos/www/
Summary : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.

--------------------------------------------------------------------------------
Update Information:

Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for
Message-Authenticator attribute)
Marvin attack: Removal of the "RSA" method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting
added)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2024 Julien Rische [jrische@redhat.com] - 1.21.3-2
- libkrad: implement support for Message-Authenticator (CVE-2024-3596)
Resolves: rhbz#2304071
- Fix various issues detected by static analysis
Resolves: rhbz#2322704
- Remove RSA protocol for PKINIT
Resolves: rhbz#2322706
- Make TCP waiting time configurable
Resolves: rhbz#2322711
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2304071 - libkrad: implement support for Message-Authenticator (CVE-2024-3596)
https://bugzilla.redhat.com/show_bug.cgi?id=2304071
[ 2 ] Bug #2322704 - Fix various issues detected by static analysis
https://bugzilla.redhat.com/show_bug.cgi?id=2322704
[ 3 ] Bug #2322706 - Remove RSA protocol for PKINIT
https://bugzilla.redhat.com/show_bug.cgi?id=2322706
[ 4 ] Bug #2322711 - Make TCP waiting time configurable
https://bugzilla.redhat.com/show_bug.cgi?id=2322711
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-29a74ac2b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: microcode_ctl-2.1-66.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8b65ec8c46
2024-11-15 01:19:58.610255
--------------------------------------------------------------------------------

Name : microcode_ctl
Product : Fedora 41
Version : 2.1
Release : 66.fc41
URL : https://pagure.io/microcode_ctl
Summary : Tool to transform and deploy CPU microcode update for x86
Description :
The microcode_ctl utility is a companion to the microcode driver written
by Tigran Aivazian [tigran@aivazian.fsnet.co.uk].

The microcode update is volatile and needs to be uploaded on each system
boot i.e. it doesn't reflash your cpu permanently, reboot and it reverts
back to the old microcode.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.1-46. 20241029
Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x129 up
to 0x12b.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 11 2024 Eugene Syromiatnikov [esyr@redhat.com] 2:2.1-66
- Update to upstream 2.1-46. 20241029
- Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x129 up
to 0x12b.
- Resolves RHBZ#2324127
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2324127 - 20241029 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2324127
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8b65ec8c46' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--