| Summary: | heimdal new security issues CVE-2019-14870, CVE-2021-44758, CVE-2022-3437, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, guillomovitch, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | heimdal-7.7.0-5.2.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2022-11-23 20:31:22 CET
David Walser
2022-11-23 20:31:40 CET
Blocks:
29260 =>
(none)
David Walser
2022-11-23 20:32:10 CET
Status comment:
(none) =>
Fixed upstream in 7.7.1

I submitted heimdal 7.7.1 in mageia 8 updates_testing, and cauldron has heimdal 7.8.0

heimdal-devel-7.7.1-1.2.mga8
heimdal-devel-doc-7.7.1-1.2.mga8
heimdal-libs-7.7.1-1.2.mga8
heimdal-workstation-7.7.1-1.2.mga8
heimdal-server-7.7.1-1.2.mga8

from heimdal-7.7.1-1.2.mga8.src.rpm

Depends on:
31157 =>
(none)

Debian-LTS has issued an advisory on November 26:
https://www.debian.org/lts/security/2022/dla-3206

This update also fixes CVE-2019-14870:
https://github.com/heimdal/heimdal/security/advisories/GHSA-q77c-9qvp-qfw4

Summary:
heimdal new security issues CVE-2021-44758, CVE-2022-3437, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640 =>
heimdal new security issues CVE-2019-14870, CVE-2021-44758, CVE-2022-3437, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640

Fedora has issued an advisory for this today (November 30):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AYXWFESBZJMBNACFDHWWH7KETGKUXDPO/

Selecting the devel generates a whole list of
The following packages have to be removed for others to be upgraded:

    curl-examples-7.74.0-1.9.mga8.noarch
     (due to unsatisfied curl-devel >= 1:7.74.0-1.9.mga8)
    lib64curl-devel-7.74.0-1.9.mga8.x86_64
     (due to missing devel(libgssapi_krb5(64bit)))
    lib64gsasl-devel-1.8.1-2.1.mga8.x86_64
     (due to missing devel(libgssapi_krb5(64bit)))
    lib64krb53-devel-1.18.3-1.mga8.x86_64
     (due to conflicts with heimdal-devel-7.7.1-1.2.mga8.x86_64)

and a lot more ....
Continuing without the devel rpm.

CC:
(none) =>
herman.viaene

Ref bug 30962

    # systemctl start heimdal-kdc
    # systemctl -l status heimdal-kdc
    ● heimdal-kdc.service - Heimdal KDC is a Kerberos 5 Key Distribution Center server
         Loaded: loaded (/usr/lib/systemd/system/heimdal-kdc.service; disabled; vendor preset: disabled)
         Active: active (running) since Sat 2022-12-17 10:28:54 CET; 19s ago
           Docs: man:kdc(8)
                 info:heimdal
                 http://www.h5l.org/
       Main PID: 6275 (kdc)
          Tasks: 3 (limit: 4364)
         Memory: 1.7M
            CPU: 45ms
         CGroup: /system.slice/heimdal-kdc.service
                 ├─6275 /usr/libexec/kdc
                 ├─6278 /usr/libexec/kdc
                 └─6279 /usr/libexec/kdc

    Dec 17 10:28:54 mach7.hviaene.thuis systemd[1]: Started Heimdal KDC is a Kerberos 5 Key Distribution Center serve>

    # kadmin
    kadmin: kadm5_init_with_password: No KDC found for realm HVIAENE.THUIS

This makes sense

    $ verify_krb5_conf
    verify_krb5_conf: krb5_config_parse_file: open /home/tester8/.krb5/config: No such file or directory
    verify_krb5_conf: krb5_config_parse_file: /etc/krb5.conf:3: binding before section

This is all in line with bug 30962, so good enough.

Whiteboard:
(none) =>
MGA8-64-OK

Validating.

Keywords:
(none) =>
validated_update
Dave Hodgins
2022-12-17 18:11:01 CET
Keywords:
(none) =>
advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0468.html

Status:
NEW =>
RESOLVED |