Univention Bugzilla – Bug 55461
heimdal: Multiple issues (5.0)
Last modified: 2022-11-30 13:28:00 CET
New Debian heimdal 7.5.0+dfsg-3+deb10u1A~5.0.2.202211281239 fixes:

This update addresses the following issues:
* The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC (CVE-2019-14870)
* Null pointer dereference on missing sname in TGS-REQ (CVE-2021-3671)
* heimdal (CVE-2021-44758)
* heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (CVE-2022-3437)
* Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. (CVE-2022-41916)
* integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)
* heimdal (CVE-2022-44640)
--- mirror/ftp/pool/main/h/heimdal/heimdal_7.5.0+dfsg-3A~5.0.0.202103261107.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/heimdal_7.5.0+dfsg-3+deb10u1A~5.0.2.202211281239.dsc @@ -1,4 +1,4 @@ -7.5.0+dfsg-3A~5.0.0.202103261107 [Fri, 26 Mar 2021 11:07:38 +0100] Univention builddaemon <buildd@univention.de>: +7.5.0+dfsg-3+deb10u1A~5.0.2.202211281239 [Mon, 28 Nov 2022 12:40:32 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-password_sync 
@@ -8,6 +8,37 @@ 0098-s4-badPwdCount-02-part3 0100-disable-prompt-when-using-pam +7.5.0+dfsg-3+deb10u1 [Sat, 26 Nov 2022 17:00:54 +0100] Guilhem Moulin <guilhem@debian.org>: + + * Non-maintainer upload by the LTS Security Team, with fixes for: + + CVE-2019-14870: The AD KDC before 7.7.1/7.8 does not apply + delegation_not_allowed (aka not-delegated) user attributes for S4U2Self; + instead the forwardable flag is set even if the impersonated client has + the not-delegated flag set. Closes: #946786. + + CVE-2021-3671: A NULL dereference was found in the way the server + handled a missing sname in TGS-REQ, leading to denial of service of the + KDC before 7.7.1/7.8. Closes: #996586. + + CVE-2021-44758: An initial SPNEGO token that has no acceptable + mechanisms causes a NULL dereference in acceptors. Closes: #1024187. + - Follow-up regression (FTBFS) fix: gss: Remove useless grep from + check-context. + + CVE-2022-3437: RC4 (arcfour), 1DES and 3DES3 unwrap didn't use constant + memcmp() and were subject to buffer overflow, potentially leaking secret + keys when using these ciphers. Closes: #1024187. + + CVE-2022-41916: The KDC and 3rd party applications using Heimdal's + libhx509 before 7.7.1/7.8 is subject to a denial of service + vulnerability due to an out of bound read in the PKI certificate + validation library. Closes: #1024187. + + CVE-2022-42898: Heimdal before 7.7.1/7.8 suffers from an integer + multiplication overflow when calculating how many bytes to allocate for + a buffer for the parsed Privilege Attribute Certificate (PAC). 64 bits + systems are not exploitable. Closes: #1024187. + - Follow-up regression fix for lib/krb5/store-int.c:_krb5_get_int64() on + 32-bit systems. + + CVE-2022-44640: Invalid free() in ASN.1 codec, potentially allowing + remote code execution against Heimdal KDCs before 7.7.1/7.8. + Closes: #1024187. 
+ 7.5.0+dfsg-3 [Tue, 21 May 2019 18:04:35 +1000] Brian May <bam@debian.org>: * CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum. <http://piuparts.knut.univention.de/5.0-2/#2421085848081113613>
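Review bot: The erratum description does not carry over what the second hunk (@@ -8,6 +8,37 @@) documents for CVE-2021-44758 and CVE-2022-44640: the changelog entries describe a NULL dereference in acceptors on an initial SPNEGO token with no acceptable mechanisms, and an invalid free() in the ASN.1 codec "potentially allowing remote code execution against Heimdal KDCs", while the announcement text lists both only as "heimdal (CVE-2021-44758)" and "heimdal (CVE-2022-44640)". I would copy those two descriptions into doc/errata/staging/heimdal.yaml so that administrators can judge the urgency from the erratum alone. Two smaller wording points in the same hunk: the CVE-2022-3437 entry says "1DES and 3DES3 unwrap", where "3DES3" looks like a typo for 3DES, and the CVE-2022-42898 entry notes that 64-bit systems are not exploitable while also shipping a follow-up regression fix for _krb5_get_int64() on 32-bit systems, so it is worth stating in the erratum which architectures the fix actually matters for.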
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 0e100b70ac Bug #55461: heimdal 7.5.0+dfsg-3+deb10u1A~5.0.2.202211281239
 doc/errata/staging/heimdal.yaml | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

[5.0-2] 5b14557c32 Bug #55461: heimdal 7.5.0+dfsg-3+deb10u1A~5.0.2.202211281239
 doc/errata/staging/heimdal.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x499>