Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Fix krb5 CVE-2024-37370 #19577

Merged
merged 1 commit into from
Jul 17, 2024
Merged

[Security] Fix krb5 CVE-2024-37370 #19577

merged 1 commit into from
Jul 17, 2024

Conversation

xumia
Copy link
Collaborator

@xumia xumia commented Jul 15, 2024

Why I did it

[Security] Fix krb5 CVE-2024-37370

Work item tracking
  • Microsoft ADO (number only): 28432951

How I did it

Upgrade krb5 to version 1.18.3-6+deb11u5+fips

How to verify it

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211
  • 202305

Tested branch (Please provide the tested image version)

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@xumia xumia requested a review from StormLiangMS July 15, 2024 12:32
@xumia
Copy link
Collaborator Author

xumia commented Jul 17, 2024

/azpw ms_conflict

1 similar comment
@xumia
Copy link
Collaborator Author

xumia commented Jul 17, 2024

/azpw ms_conflict

StormLiangMS
StormLiangMS approved these changes Jul 17, 2024
View reviewed changes
Copy link
Contributor

@StormLiangMS StormLiangMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@StormLiangMS StormLiangMS merged commit 14eb4ca into sonic-net:master Jul 17, 2024
22 checks passed
arun1355492 pushed a commit to arun1355492/sonic-buildimage that referenced this pull request Jul 26, 2024
@xumia @arun1355492
[Security] Fix krb5 CVE-2024-37370 (sonic-net#19577)
3d872cb 
Why I did it
[Security] Fix krb5 CVE-2024-37370

Work item tracking
Microsoft ADO (number only): 28432951
How I did it
Upgrade krb5 to version 1.18.3-6+deb11u5+fips
liushilongbuaa pushed a commit to liushilongbuaa/sonic-buildimage that referenced this pull request Aug 1, 2024
@xumia @liushilongbuaa
[Security] Fix krb5 CVE-2024-37370 (sonic-net#19577)
f721855 
Why I did it
[Security] Fix krb5 CVE-2024-37370

Work item tracking
Microsoft ADO (number only): 28432951
How I did it
Upgrade krb5 to version 1.18.3-6+deb11u5+fips
@yxieca
Copy link
Contributor

yxieca commented Aug 2, 2024

@xumia can you help create PR for 202311 and 202405 branch?

@xumia xumia mentioned this pull request Aug 12, 2024
Merged
11 tasks
@xumia
Copy link
Collaborator Author

xumia commented Aug 12, 2024
edited
Loading

@xumia can you help create PR for 202311 and 202405 branch?

For 202311, fix the conflict issue #19880
For 202405, no conflict, @yxieca , please help approve the 202405 request, thanks.

yxieca pushed a commit that referenced this pull request Aug 12, 2024
@xumia
[Security][202305] Fix krb5 CVE-2024-37370 (#19880)
e4f88cc 
Why I did it
Cherry-pick from #19577
[Security] Fix krb5 CVE-2024-37370

How I did it
Upgrade krb5 to version 1.18.3-6+deb11u5+fips
@yxieca
Copy link
Contributor

yxieca commented Aug 12, 2024

@bingwang-ms to take it to 202405.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@StormLiangMS StormLiangMS StormLiangMS approved these changes

@qiluo-msft qiluo-msft Awaiting requested review from qiluo-msft qiluo-msft is a code owner

@lguohan lguohan Awaiting requested review from lguohan lguohan is a code owner

Assignees
No one assigned
Labels
Cherry Pick Conflict_202311 Request for 202311 Branch Request for 202405 Branch Security 🛡️
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@xumia @yxieca @StormLiangMS @mssonicbld