| Summary: | heimdal new security issue CVE-2017-17439 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Zombie Ryushu <zombie_ryushu> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | guillomovitch, herman.viaene, marja11, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.debian.org/security/2017/dsa-4055 | | |
| Whiteboard: | MGA6-32-OK | | |
| Source RPM: | heimdal-7.4.0-2.mga7.src.rpm | CVE: | CVE-2017-17439 |
| Status comment: | | | |

Description
Zombie Ryushu
2017-12-08 09:39:40 CET
Zombie Ryushu
2017-12-08 09:39:56 CET
CVE:
(none) => CVE-2017-16239

Assigning to the registered heimdal maintainer.

I think the link and CVE are wrong, though, so changing them where I can, because of:

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4055-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
December 07, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : heimdal
CVE ID : CVE-2017-17439
Debian Bug : 878144
___________________________________________________________________________

I don't know whether it needs to be fixed in Mageia 5, too

CC:
(none) => marja11

Indeed, the correct DSA link from December 7:
https://www.debian.org/security/2017/dsa-4055

Source RPM:
heimdal => heimdal-7.4.0-2.mga7.src.rpm

Fixed package submitted in updates_testing for mageia 6.

Advisory:
========================

Updated heimdal packages fix security vulnerability:

Michael Eder and Thomas Kittel discovered that Heimdal did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service (crash of the KDC daemon) by sending maliciously crafted packets (CVE-2017-17439).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17439
https://www.debian.org/security/2017/dsa-4055
========================

Updated packages in core/updates_testing:
========================
heimdal-workstation-7.3.0-1.2.mga6
heimdal-server-7.3.0-1.2.mga6
heimdal-libs-7.3.0-1.2.mga6
heimdal-devel-7.3.0-1.2.mga6
heimdal-devel-doc-7.3.0-1.2.mga6

from heimdal-7.3.0-1.2.mga6.src.rpm

CC:
(none) => guillomovitch

MGA6-32 on Dell Latitude D600 MATE
No installation issues
Based on tests in bug 21550 Comment 4

# systemctl start heimdal
Failed to start heimdal.service: Unit heimdal.service not found.

After some googling found that things have changed it seems

# systemctl start heimdal-kdc
# systemctl -l status heimdal-kdc
● heimdal-kdc.service - Heimdal KDC is a Kerberos 5 Key Distribution Center server
Loaded: loaded (/usr/lib/systemd/system/heimdal-kdc.service; enabled; vendor preset: enabled)
Active: active (running) since do 2017-12-28 14:48:53 CET; 24s ago
Docs: man:kdc(8) info:heimdal http://www.h5l.org/
Main PID: 18121 (kdc)
CGroup: /system.slice/heimdal-kdc.service
├─18121 /usr/libexec/kdc
└─18124 /usr/libexec/kdc
dec 28 14:48:53 mach6.hviaene.thuis systemd[1]: Started Heimdal KDC is a Kerberos 5 Key Distribution Cent

and

# kadmin
kadmin: kadm5_init_with_password: No KDC found for realm HVIAENE.THUIS

That is correct

As normal user:

$ verify_krb5_conf
verify_krb5_conf: krb5_config_parse_file: open /home/tester6/.krb5/config: No such file or directory
verify_krb5_conf: /libdefaults/rdns: unknown entry
verify_krb5_conf: /libdefaults/default_ccache_name: unknown entry

I can accept that.

Whiteboard:
(none) => MGA6-32-OK

Thanks yet again for a sticky test. Advisoried, validating.

Keywords:
(none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0485.html

Status:
NEW => RESOLVED