Medium
Canonical Ubuntu
It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-3437) Greg Hudson discovered that Kerberos PAC implementation used in Heimdal incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-42898) It was discovered that Heimdalβs KDC did not properly handle certain error conditions. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-44640) Update Instructions: Run sudo pro fix USN-5800-1
to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libwind0-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libroken18-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libgssapi3-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-kcm β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libhdb9-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libasn1-8-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libsl0-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkadm5clnt7-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-kdc β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkdc2-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-servers β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libheimntlm0-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-docs β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libheimbase1-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkrb5-26-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libotp0-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-dev β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkafs0-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libhx509-5-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-multidev β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 libkadm5srv8-heimdal β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 heimdal-clients β 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro
CVEs contained in this USN include: CVE-2021-44758, CVE-2022-3437, CVE-2022-42898, CVE-2022-44640.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
β’ Bionic Stemcells
* Upgrade 1.x versions to 1.171 or greater
* Upgrade all versions to 0.349.0 or greater
2023-02-02: Initial vulnerability report published.