Inquiry Regarding CVE-2024-26461 Fix in Upcoming krb5 Release

Zhang, Shawn Shawn.Zhang at Dell.com
Fri Nov 8 01:43:11 EST 2024


Dear Greg Hudson,

I hope this message finds you well.

I am writing to inquire about the current status and expected timeline for addressing the CVE identified in the krb5 software. Our team needs to understand when a fix for this vulnerability will be available in an upcoming release to plan our security updates accordingly.

I can see that commit c5f9c816107f70139de11b38aa02db2f1774ee0d <https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d> includes the fix for CVE NVD - CVE-2024-26461 <https://nvd.nist.gov/vuln/detail/CVE-2024-26461>. However, these changes are not yet included in the latest krb5 release, which is 1.21.3 (krb5-1.21.3-final <https://github.com/krb5/krb5/tree/krb5-1.21.3-final>).

Could you please provide more details on the targeted release version and date for the fix?

Your assistance in this matter is highly appreciated as it will help us ensure the security and stability of our systems. I look forward to your prompt response.
Thank you for your attention and cooperation.

Best regards,

Shawn Zhang (he/him)
Senior Principal Engineer, Protocol
Dell Technologies | Unstructured & Secondary Storage
Shawn.Zhang at Dell.com



