• [SECURITY] [DSA 3912-1] heimdal security update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Jul 16 15:10:01 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3912-1                   [email protected]
    https://www.debian.org/security/                     Salvatore Bonaccorso
    July 16, 2017                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : heimdal
    CVE ID : CVE-2017-11103
    Debian Bug : 868208

    Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that
    Heimdal, an implementation of Kerberos 5 that aims to be compatible with
    MIT Kerberos, trusts metadata taken from the unauthenticated plaintext
    (Ticket), rather than the authenticated and encrypted KDC response. A
    man-in-the-middle attacker can use this flaw to impersonate services to
    the client.

    See https://orpheus-lyre.info/ for details.

    For the oldstable distribution (jessie), this problem has been fixed
    in version 1.6~rc2+dfsg-9+deb8u1.

    For the stable distribution (stretch), this problem has been fixed in
    version 7.1.0+dfsg-13+deb9u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 7.4.0.dfsg.1-1.

    We recommend that you upgrade your heimdal packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----
