Accepted heimdal 7.5.0+dfsg-3+deb10u1 (source) into oldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 26 Nov 2022 17:00:54 +0100
Source: heimdal
Architecture: source
Version: 7.5.0+dfsg-3+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Brian May <bam@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 946786 996586 1024187
Changes:
 heimdal (7.5.0+dfsg-3+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team, with fixes for:
     + CVE-2019-14870: The AD KDC before 7.7.1/7.8 does not apply
       delegation_not_allowed (aka not-delegated) user attributes for S4U2Self;
       instead the forwardable flag is set even if the impersonated client has
       the not-delegated flag set. Closes: #946786.
     + CVE-2021-3671: A NULL dereference was found in the way the server
       handled a missing sname in TGS-REQ, leading to denial of service of the
       KDC before 7.7.1/7.8. Closes: #996586.
     + CVE-2021-44758: An initial SPNEGO token that has no acceptable
       mechanisms causes a NULL dereference in acceptors. Closes: #1024187.
       - Follow-up regression (FTBFS) fix: gss: Remove useless grep from
         check-context.
     + CVE-2022-3437: RC4 (arcfour), 1DES and 3DES3 unwrap didn't use constant
       memcmp() and were subject to buffer overflow, potentially leaking secret
       keys when using these ciphers. Closes: #1024187.
     + CVE-2022-41916: The KDC and 3rd party applications using Heimdal's
       libhx509 before 7.7.1/7.8 are subject to a denial of service
       vulnerability due to an out of bound read in the PKI certificate
       validation library. Closes: #1024187.
     + CVE-2022-42898: Heimdal before 7.7.1/7.8 suffers from an integer
       multiplication overflow when calculating how many bytes to allocate for
       a buffer for the parsed Privilege Attribute Certificate (PAC). 64-bit
       systems are not exploitable. Closes: #1024187.
       - Follow-up regression fix for lib/krb5/store-int.c:_krb5_get_int64() on
         32-bit systems.
     + CVE-2022-44640: Invalid free() in ASN.1 codec, potentially allowing
       remote code execution against Heimdal KDCs before 7.7.1/7.8.
       Closes: #1024187.
Checksums-Sha1:
 c502f3e19c0eb1f8f42462023e5226d6272e7c0f 3611 heimdal_7.5.0+dfsg-3+deb10u1.dsc
 1ba39f71a5627a23afbc8b987362831bed764f7d 8955005 heimdal_7.5.0+dfsg.orig.tar.gz
 c736fa5ce04c0849150a84dc5ad4f3ae8e116ac9 471348 heimdal_7.5.0+dfsg-3+deb10u1.debian.tar.xz
 27fb8df5ed76c1114f3f00f45208206d6dbf4cf0 22157 heimdal_7.5.0+dfsg-3+deb10u1_amd64.buildinfo
Checksums-Sha256:
 fd39b3cfb931a543f189ecfab730159d2dd8bf9b7fb754ffeab6bbabc6b6326f 3611 heimdal_7.5.0+dfsg-3+deb10u1.dsc
 489119b7a1a900b88163765654dc59cba9a321b078fafc76629e2b85ef140867 8955005 heimdal_7.5.0+dfsg.orig.tar.gz
 8f8a537dc6d9ca57b20068a2bb32dcf1b54a8dea54e55612395033cd66bbf905 471348 heimdal_7.5.0+dfsg-3+deb10u1.debian.tar.xz
 f61f0e7c353fbba24a1f363b4209eef77909f67f15071dd5af0f020d430fcd87 22157 heimdal_7.5.0+dfsg-3+deb10u1_amd64.buildinfo
Files:
 1b9ed0d4f5c867496fa1b1b446ac48b9 3611 net optional heimdal_7.5.0+dfsg-3+deb10u1.dsc
 b45b9d03cdd4f3288e79feba99e13a51 8955005 net optional heimdal_7.5.0+dfsg.orig.tar.gz
 022f7634cfbda46344d98662088b2270 471348 net optional heimdal_7.5.0+dfsg-3+deb10u1.debian.tar.xz
 c11c0710edc870c15cc0ae792aa6a545 22157 net optional heimdal_7.5.0+dfsg-3+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
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=2f9Z
-----END PGP SIGNATURE-----