[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3912-1] heimdal security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3912-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 16, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : heimdal
CVE ID         : CVE-2017-11103
Debian Bug     : 868208

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that
Heimdal, an implementation of Kerberos 5 that aims to be compatible with
MIT Kerberos, trusts metadata taken from the unauthenticated plaintext
(Ticket), rather than the authenticated and encrypted KDC response. A
man-in-the-middle attacker can use this flaw to impersonate services to
the client.

See https://orpheus-lyre.info/ for details.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.6~rc2+dfsg-9+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 7.1.0+dfsg-13+deb9u1.

For the unstable distribution (sid), this problem has been fixed in
version 7.4.0.dfsg.1-1.

We recommend that you upgrade your heimdal packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllrYqJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Qd4w/8DdQRasssYylGZcOojdCQU8wA31IbhmeZVhRJ52y8kZG+Lv0h5qODHSkc
LnPOBK8m8c4WIl/qgqc1TReHT/gTBay2xtmYIAl94e5BKClFVmk8QjTl2lwcBGK6
akg0OAiq7gPRtmvLdWWPouFXSZh8GXJ2+1UShTaO9tenD+6A75qiy0iExnSqTdNy
mjH5kTDhUqY34nG/G2uSXTA/UUFtP+kSeRjC1XSvlXc6UsumDGni0/RCYer+6kn/
sDSGKIX/+JN7BG2nb3OhrXgbo40hEflRynAwB35ZPwCPytmp2x7XiCsMnDqFAK6o
AeiDwPe8eRpUGZLbh7urFQ2UyQvPlNXLHxpjhHLb94OcFAQCPc/TKpuTqAXQ21dP
luSd8Fai/cNOE1YwlQVG8LJPqm5Zxe8mVeTtQJ0c1PPpUcElgosU1AJYb0KjC8Vn
u+TX9eHpo6ZLf4d+BfEqjLBjN87/VQnDCsjYcCAibFj1w+3Zh/cwThP1qpkaSyuI
yCrJeDQlNbeqV96EMGg1l+E1P4aFDmk7Xyp4X7TGJ/hklz1bkr6esMLPZVcSZS5a
eXmelXGY9ba5hWiGL9WqXsfODKh/PzQ0425ZMwyoQgBsCjupXtaNzY8JE51+k8JM
uJylqEkb0aMAcRHiCiICpHJIidTcjpoyDrDAnUTtmEaqI7aydcs=
=2FaP
-----END PGP SIGNATURE-----


Reply to: