USN-5800-1: Heimdal vulnerabilities
12 January 2023
Several security issues were fixed in Heimdal.
Releases
Packages
- heimdal - Heimdal Kerberos Network Authentication Protocol
Details
It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2021-44758)
Evgeny Legerov discovered that Heimdal incorrectly handled memory when
performing certain DES decryption operations. A remote attacker could use
this issue to cause a denial of service, or possibly execute arbitrary
code. (CVE-2022-3437)
Greg Hudson discovered that Kerberos PAC implementation used in Heimdal
incorrectly handled certain parsing operations. A remote attacker could use
this issue to cause a denial of service, or possibly execute arbitrary
code. (CVE-2022-42898)
It was discovered that Heimdal's KDC did not properly handle certain error
conditions. A remote attacker could use this issue to cause a denial of
service, or possibly execute arbitrary code. (CVE-2022-44640)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
libgssapi3-heimdal
-
7.7.0+dfsg-1ubuntu1.3
-
libhdb9-heimdal
-
7.7.0+dfsg-1ubuntu1.3
-
libasn1-8-heimdal
-
7.7.0+dfsg-1ubuntu1.3
-
libkrb5-26-heimdal
-
7.7.0+dfsg-1ubuntu1.3
-
libhx509-5-heimdal
-
7.7.0+dfsg-1ubuntu1.3
Ubuntu 18.04
-
libgssapi3-heimdal
-
7.5.0+dfsg-1ubuntu0.3
-
libhdb9-heimdal
-
7.5.0+dfsg-1ubuntu0.3
-
libasn1-8-heimdal
-
7.5.0+dfsg-1ubuntu0.3
-
libkrb5-26-heimdal
-
7.5.0+dfsg-1ubuntu0.3
-
libhx509-5-heimdal
-
7.5.0+dfsg-1ubuntu0.3
Ubuntu 16.04
-
libgssapi3-heimdal
-
1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
Available with Ubuntu Pro
-
libhdb9-heimdal
-
1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
Available with Ubuntu Pro
-
libasn1-8-heimdal
-
1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
Available with Ubuntu Pro
-
libkrb5-26-heimdal
-
1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
Available with Ubuntu Pro
-
libhx509-5-heimdal
-
1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
Available with Ubuntu Pro
Ubuntu 14.04
-
libgssapi3-heimdal
-
1.6~git20131207+dfsg-1ubuntu1.2+esm3
Available with Ubuntu Pro
-
libhdb9-heimdal
-
1.6~git20131207+dfsg-1ubuntu1.2+esm3
Available with Ubuntu Pro
-
libasn1-8-heimdal
-
1.6~git20131207+dfsg-1ubuntu1.2+esm3
Available with Ubuntu Pro
-
libkrb5-26-heimdal
-
1.6~git20131207+dfsg-1ubuntu1.2+esm3
Available with Ubuntu Pro
-
libhx509-5-heimdal
-
1.6~git20131207+dfsg-1ubuntu1.2+esm3
Available with Ubuntu Pro
After a standard system update you need to restart any application
using Heimdal libraries to make all the necessary changes.
References
Related notices
- USN-5822-1: libpam-winbind, libldb2, libwbclient0, python3-samba, registry-tools, samba-common, libsmbclient, winbind, ldb-tools, samba-libs, python3-ldb-dev, samba-dsdb-modules, smbclient, libnss-winbind, samba-common-bin, samba-dev, samba-vfs-modules, libwbclient-dev, libsmbclient-dev, ctdb, samba, python3-ldb, samba-testsuite, libldb-dev
- USN-5828-1: libkrb5-3, libkdb5-9, libkrad0, krb5-user, libkdb5-10, libkadm5clnt-mit9, krb5-multidev, krb5-doc, libkadm5clnt-mit11, krb5-pkinit, libkadm5clnt-mit12, libkadm5srv-mit9, libkadm5srv-mit12, krb5-k5tls, libkdb5-8, libgssapi-krb5-2, krb5-otp, libgssrpc4, krb5-kdc-ldap, libkadm5srv-mit8, libkrb5support0, libkrad-dev, libkdb5-7, krb5-admin-server, krb5-gss-samples, krb5-kdc, krb5-kpropd, libkrb5-dev, krb5, libkadm5srv-mit11, krb5-locales, libk5crypto3
- USN-5936-1: libpam-winbind, libwbclient0, python3-samba, registry-tools, samba-common, libsmbclient, winbind, samba-libs, samba-dsdb-modules, smbclient, libnss-winbind, samba-common-bin, samba-dev, samba-vfs-modules, libwbclient-dev, libsmbclient-dev, ctdb, samba, samba-testsuite