John Hawkinson

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 (krb5) versions 1.3.1 and earlier krb5-devel version 1.2.2 krb5-server version 1.2.2 krb5-libs version 1.2.2 krb5-workstation version 1.2.2 **Description** The issue concerns multiple vulnerabilities in the krb5 package of Red Hat Enterprise Linux, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A double free vulnerability in the `krb5 rd cred` function may allow local users to execute arbitrary code. **Recommendations** For MIT Kerberos 5 (krb5) versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue. For krb5-devel version 1.2.2, update to a newer version to mitigate the risk. For krb5-server version 1.2.2, update to a newer version to mitigate the risk. For krb5-libs version 1.2.2, update to a newer version to mitigate the risk. For krb5-workstation version 1.2.2, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.