Gerald Britton

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos V5 versions prior to 1.2.5 krb5-workstation versions 1.1.1 through 1.2.2 krb5-configs version 1.1.1 krb5-devel versions 1.1.1 through 1.2.2 krb5-server versions 1.1.1 through 1.2.2 krb5-libs version 1.1.1 krb5 version 1.1.1 through 1.2.2 **Description** The issue involves multiple vulnerabilities in the krb5 packages of Red Hat Linux, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities in the MIT Kerberos V5 library, specifically in the chk trans.c file, allow users from one realm to impersonate users in other realms that have the same inter-realm keys. **Recommendations** For MIT Kerberos V5 versions prior to 1.2.5, update to version 1.2.5 or later. For krb5-workstation versions 1.1.1 through 1.2.2, update to a version later than 1.2.2. For krb5-configs version 1.1.1, update to a version later than 1.1.1. For krb5-devel versions 1.1.1 through 1.2.2, update to a version later than 1.2.2. For krb5-server versions 1.1.1 through 1.2.2, update to a version later than 1.2.2. For krb5-libs version 1.1.1, update to a version later than 1.1.1. For krb5 versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.