Univention Bugzilla – Bug 49599
heimdal: Multiple issues (4.4)
Last modified: 2020-08-31 08:28:34 CEST
New Debian heimdal 7.1.0+dfsg-13+deb9u3A~4.4.0.201906051655 fixes:

This update addresses the following issues:
* S4U2Self with unkeyed checksum (CVE-2018-16860)
* In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. (CVE-2019-12098)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/heimdal_7.1.0+dfsg-13+deb9u2A~4.3.0.201801240026.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/heimdal_7.1.0+dfsg-13+deb9u3A~4.4.0.201906051717.dsc @@ -1,4 +1,4 @@ -7.1.0+dfsg-13+deb9u2A~4.3.0.201801240026 [Wed, 24 Jan 2018 00:26:54 +0100] Univention builddaemon <buildd@univention.de>: +7.1.0+dfsg-13+deb9u3A~4.4.0.201906051717 [Wed, 05 Jun 2019 17:17:48 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-password_sync @@ -7,6 +7,14 @@ 0098-s4-badPwdCount-02-part2 0098-s4-badPwdCount-02-part3 +7.1.0+dfsg-13+deb9u3 [Tue, 28 May 2019 17:16:51 +1000] Brian May <bam@debian.org>: + + * CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum. + Closes: #928966. + * CVE-2019-12098: Always confirm PA-PKINIT-KX for anon PKINIT. + Closes: #929064. + * Update test certificates to pre 2038 expiry. + 7.1.0+dfsg-13+deb9u2 [Wed, 06 Dec 2017 13:24:04 +0100] Dominik George <nik@naturalnet.de>: * CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.1 <http://10.200.17.11/4.4-0/#6528480675916967423>
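Review bot: the version stamped in the new changelog header of the second hunk, 7.1.0+dfsg-13+deb9u3A~4.4.0.201906051717, does not match the version announced in the errata text above, 7.1.0+dfsg-13+deb9u3A~4.4.0.201906051655; the published errata entry must name the package version that was actually built and uploaded, so check that doc/errata/staging/heimdal.yaml references the 201906051717 build before the announcement goes out. The two CVE entries themselves are fine (each carries its Debian bug reference), and the "Update test certificates to pre 2038 expiry" line should be confirmed to touch only the test suite's certificates, since a changelog entry that vague is easy to misread as a change to shipped trust material.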
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-0] c4ec5bd858 Bug #49599: heimdal 7.1.0+dfsg-13+deb9u3A~4.4.0.201906051717
 doc/errata/staging/heimdal.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

[4.4-0] aef3c3fc75 Bug #49599: heimdal 7.1.0+dfsg-13+deb9u3A~4.4.0.201906051655
 doc/errata/staging/heimdal.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
<http://errata.software-univention.de/ucs/4.4/145.html>