heimdal 7.5.0+dfsg-1ubuntu0.3 source package in Ubuntu

Changelog

heimdal (7.5.0+dfsg-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2021-44758.patch: add a call to send_reject() when
      preferred_mech_type is GSS_C_NO_OID in
      lib/gssapi/spnego/accept_sec_context.c.
    - debian/patches/CVE-2021-44758-post.patch: remove grep command in test
      file tests/gss/check-context.in to prevent FTBFS.
    - CVE-2021-44758
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2022-3437-1.patch: change calls to memcmp with
      ct_memcmp in lib/gssapi/krb5/arcfour.c.
    - debian/patches/CVE-2022-3437-2.patch: change calls to memcmp with
      ct_memcmp in lib/gssapi/krb5/unwrap.c
    - debian/patches/CVE-2022-3437-3.patch: add NULL pointer checks before
      memcpy in lib/gssapi/krb5/unwrap.c.
    - debian/patches/CVE-2022-3437-4.patch: change logic on pad buffer
      handling in _gssapi_verify_pad() in lib/gssapi/krb5/decapsulate.c.
    - debian/patches/CVE-2022-3437-5.patch: add buffer boundary checks in
      _gssapi_verify_mech_header() in lib/gssapi/krb5/decapsulate.c
    - debian/patches/CVE-2022-3437-6.patch: add buffer length checks in
      lib/gssapi/krb5/unwrap.c.
    - debian/patches/CVE-2022-3437-7.patch: add buffer length checks in
      _gsskrb5_get_mech() in lib/gssapi/krb5/decapsulate.c.
    - debian/patches/CVE-2022-3437-8.patch: change buffer length parameter
      when calling _gssapi_verify_pad() in lib/gssapi/krb5/unwrap.c.
    - CVE-2022-3437
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2022-42898-1.patch: change logic on PAC buffer
      parsing in lib/krb5/pac.c.
    - debian/patches/CVE-2022-42898-2.patch: change variable type from
      unsigned long to uint64_t in lib/krb5/store-int.c.
    - CVE-2022-42898
  * SECURITY UPDATE: invalid free
    - debian/patches/CVE-2022-44640.patch: relocates a call to fprintf and
      parameters when calling it in decode_type() in lib/asn1/gen_decode.c
      and add a call to fprintf in free_type() in lib/asn1/gen_free.c.
    - CVE-2022-44640

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Wed, 11 Jan 2023 19:19:12 -0300

Upload details

Uploaded by: Rodrigo Figueiredo Zaiden
Uploaded to: Bionic
Original maintainer: Ubuntu Developers
Architectures: any all
Section: net
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
heimdal_7.5.0+dfsg.orig.tar.gz 8.5 MiB 489119b7a1a900b88163765654dc59cba9a321b078fafc76629e2b85ef140867
heimdal_7.5.0+dfsg-1ubuntu0.3.debian.tar.xz 323.8 KiB 952964d23c6261b27ce558f2771d51351319e04934c360f9bf4f21c3f30b2af4
heimdal_7.5.0+dfsg-1ubuntu0.3.dsc 3.3 KiB 1c017ceaf74ec7dd1002e9e4f1fe0e11c331e195b8209bf66f26e5cae0b5682b

Binary packages built by this source

heimdal-clients: Heimdal Kerberos - clients

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package includes Kerberos utilities like kadmin, kinit, kpasswd and
 klist.

heimdal-clients-dbgsym: debug symbols for heimdal-clients
heimdal-dev: Heimdal Kerberos - development files

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This is the development package, required for developing
 programs for Heimdal.

heimdal-docs: Heimdal Kerberos - documentation

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package includes documentation (in info format) on how to
 use Heimdal, and relevant standards for Kerberos.

heimdal-kcm: Heimdal Kerberos - KCM daemon

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package includes the KCM daemon which can hold the credentials
 for all users in the system. Access control is done with Unix-like
 permissions. The daemon checks the access on all operations based on
 the UID and GID of the user. The tickets are renewed as long as is
 permitted by the KDC's policy.

heimdal-kcm-dbgsym: debug symbols for heimdal-kcm
heimdal-kdc: Heimdal Kerberos - key distribution center (KDC)

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package includes the KDC (key distribution center) server,
 which is designed to run on a secure computer and keeps track
 of users' passwords. This is done using the Kerberos protocol in
 such a way that the server computers do not need to know the
 passwords.

heimdal-kdc-dbgsym: debug symbols for heimdal-kdc
heimdal-multidev: Heimdal Kerberos - Multi-implementation Development

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package provides versions of the Heimdal development files that
 can be installed along-side MIT Kerberos development files.
 Normally, heimdal-dev should be used. However if a package needs to
 build against both Heimdal Kerberos and MIT Kerberos, then the
 multidev package should be used.

heimdal-multidev-dbgsym: debug symbols for heimdal-multidev
heimdal-servers: Heimdal Kerberos - server programs

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the kfd server, for receiving forwarded tickets.

heimdal-servers-dbgsym: debug symbols for heimdal-servers
libasn1-8-heimdal: Heimdal Kerberos - ASN.1 library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the ASN.1 parser required for Heimdal.

libasn1-8-heimdal-dbgsym: debug symbols for libasn1-8-heimdal
libgssapi3-heimdal: Heimdal Kerberos - GSSAPI support library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the library for GSSAPI support.

libgssapi3-heimdal-dbgsym: debug symbols for libgssapi3-heimdal
libhcrypto4-heimdal: Heimdal Kerberos - crypto library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the cryptographic library required for Heimdal.

libhcrypto4-heimdal-dbgsym: debug symbols for libhcrypto4-heimdal
libhdb9-heimdal: Heimdal Kerberos - kadmin server library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the library for storing the KDC database.

libhdb9-heimdal-dbgsym: debug symbols for libhdb9-heimdal
libheimbase1-heimdal: Heimdal Kerberos - Base library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the base library.

libheimbase1-heimdal-dbgsym: debug symbols for libheimbase1-heimdal
libheimntlm0-heimdal: Heimdal Kerberos - NTLM support library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the NTLM support library.

libheimntlm0-heimdal-dbgsym: debug symbols for libheimntlm0-heimdal
libhx509-5-heimdal: Heimdal Kerberos - X509 support library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the x509 support library.

libhx509-5-heimdal-dbgsym: debug symbols for libhx509-5-heimdal
libkadm5clnt7-heimdal: Heimdal Kerberos - kadmin client library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the client library for kadmin.

libkadm5clnt7-heimdal-dbgsym: debug symbols for libkadm5clnt7-heimdal
libkadm5srv8-heimdal: Libraries for Heimdal Kerberos

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the server library for kadmin.

libkadm5srv8-heimdal-dbgsym: debug symbols for libkadm5srv8-heimdal
libkafs0-heimdal: Heimdal Kerberos - KAFS support library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the library for KAFS support.

libkafs0-heimdal-dbgsym: debug symbols for libkafs0-heimdal
libkdc2-heimdal: Heimdal Kerberos - KDC support library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the KDC support library.

libkdc2-heimdal-dbgsym: debug symbols for libkdc2-heimdal
libkrb5-26-heimdal: Heimdal Kerberos - libraries

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the Kerberos 5 library.

libkrb5-26-heimdal-dbgsym: debug symbols for libkrb5-26-heimdal
libotp0-heimdal: Heimdal Kerberos - OTP support library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the library for OTP support.

libotp0-heimdal-dbgsym: debug symbols for libotp0-heimdal
libroken18-heimdal: Heimdal Kerberos - roken support library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the library for roken support.

libroken18-heimdal-dbgsym: debug symbols for libroken18-heimdal
libsl0-heimdal: Heimdal Kerberos - SL support library

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the library for SL support.

libsl0-heimdal-dbgsym: debug symbols for libsl0-heimdal
libwind0-heimdal: Heimdal Kerberos - stringprep implementation

 Heimdal is a free implementation of Kerberos 5 that aims to be
 compatible with MIT Kerberos.
 .
 This package contains the stringprep library.

libwind0-heimdal-dbgsym: debug symbols for libwind0-heimdal