[ubuntu/bionic-security] heimdal 7.5.0+dfsg-1ubuntu0.1 (Accepted)
Camila Camargo de Matos
camila.camargodematos at canonical.com
Thu Oct 13 15:04:46 UTC 2022
heimdal (7.5.0+dfsg-1ubuntu0.1) bionic-security; urgency=medium

  * Fix FTBFS problem due to expired certificates that cause failing tests
    - debian/patches/update-certs.patch: regenerate certs so that they expire
      before 2038.
    - debian/source/include-binaries: add altered binaries.
  * SECURITY UPDATE: incomplete checksum validation in S4U2Self handler
    - debian/patches/CVE-2018-16860.patch: reject PA-S4U2Self with unkeyed
      checksum (Heimdal KDC).
    - CVE-2018-16860
  * SECURITY UPDATE: no verification of anonymous PKINIT PA-PKINIT-KX key
    exchange
    - debian/patches/CVE-2019-12098.patch: always confirm PA-PKINIT-KX for
      anon PKINIT (krb5).
    - CVE-2019-12098
  * SECURITY UPDATE: NULL pointer dereference when handling missing sname in
    TGS-REQ
    - debian/patches/CVE-2021-3671.patch: validate sname in TGS-REQ (kdc).
    - CVE-2021-3671
  * SECURITY UPDATE: NULL pointer dereference in SPNEGO
    - debian/patches/CVE-2022-3116.patch: fix NULL pointer dereference
      (spnego).
    - CVE-2022-3116

Date: 2022-10-11 18:40:10.486778+00:00
Changed-By: Camila Camargo de Matos <camila.camargodematos at canonical.com>
https://launchpad.net/ubuntu/+source/heimdal/7.5.0+dfsg-1ubuntu0.1