libheimdal-7.7.0-1.11 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10946 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libheimdal-7.7.0-1.11 on GA media These are all security issues fixed in the libheimdal-7.7.0-1.11 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10946 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10946 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-11103/ SUSE CVE CVE-2017-11103 page https://www.suse.com/security/cve/CVE-2017-17439/ SUSE CVE CVE-2017-17439 page https://www.suse.com/security/cve/CVE-2017-6594/ SUSE CVE CVE-2017-6594 page https://www.suse.com/security/cve/CVE-2018-16860/ SUSE CVE CVE-2018-16860 page https://www.suse.com/security/cve/CVE-2019-12098/ SUSE CVE CVE-2019-12098 page openSUSE Tumbleweed libheimdal-7.7.0-1.11 libheimdal-devel-7.7.0-1.11 libheimdal-7.7.0-1.11 as a component of openSUSE Tumbleweed libheimdal-devel-7.7.0-1.11 as a component of openSUSE Tumbleweed Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. CVE-2017-11103 openSUSE Tumbleweed:libheimdal-7.7.0-1.11 openSUSE Tumbleweed:libheimdal-devel-7.7.0-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11103.html CVE-2017-11103 https://bugzilla.suse.com/1048278 SUSE Bug 1048278 In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. CVE-2017-17439 openSUSE Tumbleweed:libheimdal-7.7.0-1.11 openSUSE Tumbleweed:libheimdal-devel-7.7.0-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-17439.html CVE-2017-17439 https://bugzilla.suse.com/1071675 SUSE Bug 1071675 The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. CVE-2017-6594 openSUSE Tumbleweed:libheimdal-7.7.0-1.11 openSUSE Tumbleweed:libheimdal-devel-7.7.0-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6594.html CVE-2017-6594 https://bugzilla.suse.com/1048278 SUSE Bug 1048278 A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. CVE-2018-16860 openSUSE Tumbleweed:libheimdal-7.7.0-1.11 openSUSE Tumbleweed:libheimdal-devel-7.7.0-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16860.html CVE-2018-16860 https://bugzilla.suse.com/1134024 SUSE Bug 1134024 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. CVE-2019-12098 openSUSE Tumbleweed:libheimdal-7.7.0-1.11 openSUSE Tumbleweed:libheimdal-devel-7.7.0-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12098.html CVE-2019-12098