[SECURITY] [DSA 5344-1] heimdal security update

2023-02-0812:46:12

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

27.8%

JSON

Debian Security Advisory DSA-5344-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
February 08, 2023 https://www.debian.org/security/faq

Package : heimdal
CVE ID : CVE-2022-45142
Debian Bug : 1030849

Helmut Grohne discovered a flaw in Heimdal, an implementation of
Kerberos 5 that aims to be compatible with MIT Kerberos. The backports
of fixes for CVE-2022-3437 accidentally inverted important memory
comparisons in the arcfour-hmac-md5 and rc4-hmac integrity check
handlers for gssapi, resulting in incorrect validation of message
integrity codes.

For the stable distribution (bullseye), this problem has been fixed in
version 7.7.0+dfsg-2+deb11u3.

We recommend that you upgrade your heimdal packages.

For the detailed security status of heimdal please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/heimdal

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11s390xlibwind0-heimdal< 7.7.0+dfsg-2+deb11u3libwind0-heimdal_7.7.0+dfsg-2+deb11u3_s390x.deb
Debian11armhfheimdal-servers< 7.7.0+dfsg-2+deb11u3heimdal-servers_7.7.0+dfsg-2+deb11u3_armhf.deb
Debian11arm64libheimntlm0-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u3libheimntlm0-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_arm64.deb
Debian11arm64libkrb5-26-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u3libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_arm64.deb
Debian11s390xlibkafs0-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u3libkafs0-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_s390x.deb
Debian11arm64libhcrypto4-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u3libhcrypto4-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_arm64.deb
Debian11s390xlibheimbase1-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u3libheimbase1-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_s390x.deb
Debian11armhflibkrb5-26-heimdal-dbgsym< 7.7.0+dfsg-2+deb11u3libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_armhf.deb
Debian10amd64libkdc2-heimdal< 7.5.0+dfsg-3+deb10u2libkdc2-heimdal_7.5.0+dfsg-3+deb10u2_amd64.deb
Debian11armelheimdal-clients-dbgsym< 7.7.0+dfsg-2+deb11u3heimdal-clients-dbgsym_7.7.0+dfsg-2+deb11u3_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	s390x	libwind0-heimdal	< 7.7.0+dfsg-2+deb11u3	libwind0-heimdal_7.7.0+dfsg-2+deb11u3_s390x.deb
Debian	11	armhf	heimdal-servers	< 7.7.0+dfsg-2+deb11u3	heimdal-servers_7.7.0+dfsg-2+deb11u3_armhf.deb
Debian	11	arm64	libheimntlm0-heimdal-dbgsym	< 7.7.0+dfsg-2+deb11u3	libheimntlm0-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_arm64.deb
Debian	11	arm64	libkrb5-26-heimdal-dbgsym	< 7.7.0+dfsg-2+deb11u3	libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_arm64.deb
Debian	11	s390x	libkafs0-heimdal-dbgsym	< 7.7.0+dfsg-2+deb11u3	libkafs0-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_s390x.deb
Debian	11	arm64	libhcrypto4-heimdal-dbgsym	< 7.7.0+dfsg-2+deb11u3	libhcrypto4-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_arm64.deb
Debian	11	s390x	libheimbase1-heimdal-dbgsym	< 7.7.0+dfsg-2+deb11u3	libheimbase1-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_s390x.deb
Debian	11	armhf	libkrb5-26-heimdal-dbgsym	< 7.7.0+dfsg-2+deb11u3	libkrb5-26-heimdal-dbgsym_7.7.0+dfsg-2+deb11u3_armhf.deb
Debian	10	amd64	libkdc2-heimdal	< 7.5.0+dfsg-3+deb10u2	libkdc2-heimdal_7.5.0+dfsg-3+deb10u2_amd64.deb
Debian	11	armel	heimdal-clients-dbgsym	< 7.7.0+dfsg-2+deb11u3	heimdal-clients-dbgsym_7.7.0+dfsg-2+deb11u3_armel.deb