Summary
In Kerberos 5 (aka krb5) a memory leak vulnerability was discovered. The issue occurs in the k5sealv3.c file within the GSSAPI library. Specifically, the leak happens during a bounds check in an encoding function.
Products Potentially Affected
OS/Product
|
Exposure
|
ExtremeAnalytics for Site Engine
|
Yes
|
ExtremeCloud IQ - Site Engine (XIQ-SE)
|
Yes
|
ExtremeControl for Site Engine
|
Yes
|
Repair Recommendations
ExtremeAnalytics for Site Engine:
- Fixed in 25.5.11 or later.
ExtremeCloud IQ - Site Engine (XIQ-SE):
- Fixed in 25.5.11 or later.
ExtremeControl for Site Engine:
- Fixed in 25.5.11 or later
Please see the full security advisory article here for more details and future updates.