openSUSE-SU-2023:0020-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0020-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2023:0020-1
Published
2023-01-16T08:42:52Z
Modified
2023-01-16T08:42:52Z
Summary
Security update for libheimdal
Details

This update for libheimdal fixes the following issues:

Update to version 7.8.0

  • CVE-2022-42898 PAC parse integer overflows
  • CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
  • CVE-2022-41916 Fix Unicode normalization read of 1 byte past end of array
  • CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors
  • CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
  • CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
  • CVE-2019-14870 Validate client attributes in protocol-transition

Affected packages

SUSE:Package Hub 15 SP3 / libheimdal

Package

Name
libheimdal
Purl
purl:rpm/suse/libheimdal&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.8.0-bp153.2.4.1

Ecosystem specific

{
    "binaries": [
        {
            "libheimntlm0": "7.8.0-bp153.2.4.1",
            "libkadm5clnt7": "7.8.0-bp153.2.4.1",
            "libheimbase1": "7.8.0-bp153.2.4.1",
            "libkrb5-26": "7.8.0-bp153.2.4.1",
            "libroken18": "7.8.0-bp153.2.4.1",
            "libwind0": "7.8.0-bp153.2.4.1",
            "libsl0": "7.8.0-bp153.2.4.1",
            "libheimedit0": "7.8.0-bp153.2.4.1",
            "libhcrypto4": "7.8.0-bp153.2.4.1",
            "libhx509-5": "7.8.0-bp153.2.4.1",
            "libheimdal-devel": "7.8.0-bp153.2.4.1",
            "libasn1-8": "7.8.0-bp153.2.4.1",
            "libkafs0": "7.8.0-bp153.2.4.1",
            "libkdc2": "7.8.0-bp153.2.4.1",
            "libhdb9": "7.8.0-bp153.2.4.1",
            "libotp0": "7.8.0-bp153.2.4.1",
            "libgssapi3": "7.8.0-bp153.2.4.1",
            "libkadm5srv8": "7.8.0-bp153.2.4.1"
        }
    ]
}

openSUSE:Leap 15.3 / libheimdal

Package

Name
libheimdal
Purl
purl:rpm/suse/libheimdal&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.8.0-bp153.2.4.1

Ecosystem specific

{
    "binaries": [
        {
            "libheimntlm0": "7.8.0-bp153.2.4.1",
            "libkadm5clnt7": "7.8.0-bp153.2.4.1",
            "libheimbase1": "7.8.0-bp153.2.4.1",
            "libkrb5-26": "7.8.0-bp153.2.4.1",
            "libroken18": "7.8.0-bp153.2.4.1",
            "libwind0": "7.8.0-bp153.2.4.1",
            "libsl0": "7.8.0-bp153.2.4.1",
            "libheimedit0": "7.8.0-bp153.2.4.1",
            "libhcrypto4": "7.8.0-bp153.2.4.1",
            "libhx509-5": "7.8.0-bp153.2.4.1",
            "libheimdal-devel": "7.8.0-bp153.2.4.1",
            "libasn1-8": "7.8.0-bp153.2.4.1",
            "libkafs0": "7.8.0-bp153.2.4.1",
            "libkdc2": "7.8.0-bp153.2.4.1",
            "libhdb9": "7.8.0-bp153.2.4.1",
            "libotp0": "7.8.0-bp153.2.4.1",
            "libgssapi3": "7.8.0-bp153.2.4.1",
            "libkadm5srv8": "7.8.0-bp153.2.4.1"
        }
    ]
}