openSUSE: Security Advisory for libheimdal (openSUSE-SU-2018:2376-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for libheimdal (important)

This update for libheimdal to version 7.5.0 fixes the following issues: The following security vulnerability was fixed: - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet...

Fedora 27 : heimdal (2017-f0e5ad250c)

Update to 7.5.0 GA release CVE-2017-17439 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 26 : heimdal (2017-2962e58478)

Update to 7.5.0 GA release CVE-2017-17439 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

openSUSE Security Update : libheimdal (openSUSE-2017-1364)

This update for libheimdal fixes the following issues : - CVE-2017-17439: Remote unauthenticated attackers may have crashed the KDC boo1071675 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...

UBUNTU-CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...

CVE-2017-17439

CVE-2017-17439 affects Heimdal (libheimdal) up to version 7.4, where a vulnerability in the ASN.1/DER handling can be triggered by a crafted UDP packet with empty client name or realm data. The issue causes the KDC to dereference NULL pointers in kdc/kerberos5.c and der_length.c, leading to a seg...

CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...