Security update for libheimdal

This update for libheimdal fixes the following issues:

- Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation.
  This is a critical vulnerability.
  In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'.
  Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks.
  Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
  See https://www.orpheus-lyre.info/ for more details. (bsc#1048278)

- Fix CVE-2017-6594: transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2.
  Note: this may break sites that rely on the bug. With the bug, some incomplete [capaths] worked that should not have. These may now break authentication in some cross-realm configurations.
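
The CVE-2017-11103 check described above, as an added example rather than Heimdal's own code: a simplified C model showing that a comparison against the service name in 'ticket' accepts a reply that a comparison against the name in 'enc_part' rejects. The struct layouts, function names and sample principals are all hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not Heimdal's own types: realm plus name components. */
struct principal {
    const char *realm;
    size_t ncomp;
    const char *comp[4];
};

struct kdc_rep {
    struct principal ticket_sname;   /* cleartext in 'ticket', unauthenticated */
    struct principal enc_part_sname; /* from decrypted 'enc_part', protected by the reply key */
};

static bool principal_equal(const struct principal *a, const struct principal *b)
{
    if (a->ncomp != b->ncomp || a->ncomp > 4 || strcmp(a->realm, b->realm) != 0)
        return false;
    for (size_t i = 0; i < a->ncomp; i++)
        if (strcmp(a->comp[i], b->comp[i]) != 0)
            return false;
    return true;
}

/* Pre-fix behaviour as the advisory describes it: trusts the 'ticket' copy. */
bool sname_ok_prefix(const struct principal *req, const struct kdc_rep *rep)
{
    return principal_equal(req, &rep->ticket_sname);
}

/* Fixed behaviour: only the name recovered from 'enc_part' is compared. */
bool sname_ok_fixed(const struct principal *req, const struct kdc_rep *rep)
{
    return principal_equal(req, &rep->enc_part_sname);
}

/* Constructed samples: one consistent reply, one whose two copies disagree. */
const struct principal requested = { "EXAMPLE.TEST", 2, { "host", "fs.example.test" } };
const struct kdc_rep consistent = { { "EXAMPLE.TEST", 2, { "host", "fs.example.test" } },
                                    { "EXAMPLE.TEST", 2, { "host", "fs.example.test" } } };
const struct kdc_rep mismatched = { { "EXAMPLE.TEST", 2, { "host", "fs.example.test" } },
                                    { "EXAMPLE.TEST", 2, { "host", "other.example.test" } } };

int main(void)
{
    printf("mismatch: pre-fix=%d fixed=%d\n", sname_ok_prefix(&requested, &mismatched), sname_ok_fixed(&requested, &mismatched));
    return 0;
}
```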

Fixed bugs
bnc#1048278
VUL-0: CVE-2017-11103: samba: Orpheus Lyre KDC-REP service name validation (mutual auth bypass) in embedded Heimdal