Ubuntu has issued an advisory today (July 14): https://www.ubuntu.com/usn/usn-3353-1/ Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOOSeverity: normal => major
This issue also affects Samba 4 in AD mode.
CC: (none) => zombie_ryushu
IINM, Samba is only affected if you compile it with support for that, but we don't. That's my understanding based on what I have read.
It looks like the samba package in Mageia 6 may have been switched to use the embedded Heimdal Kerberos at some point, but I'm not entirely sure as MIT krb5 is still in the BuildRequires. CC'ing Nicolas for clarification as he's worked on that package recently. Advisories for this for samba: https://www.samba.org/samba/security/CVE-2017-11103.html https://www.debian.org/security/2017/dsa-3909 https://www.ubuntu.com/usn/usn-3353-2/
CC: (none) => mageia
heimdal-7.4.0-1.mga7 uploaded for Cauldron by Guillaume.
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOOVersion: Cauldron => 6
pushed in updates_testing: src.rpm: heimdal-1.5.3-6.1.mga5 heimdal-7.3.0-1.1.mga6
Assignee: guillomovitch => qa-bugs
Advisory: ======================== Updated heimdal packages fix security vulnerability: Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks (CVE-2017-11103). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103 https://usn.ubuntu.com/usn/usn-3353-1/ ======================== Updated packages in core/updates_testing: ======================== heimdal-workstation-1.5.3-6.1.mga5 heimdal-server-1.5.3-6.1.mga5 heimdal-libs-1.5.3-6.1.mga5 heimdal-ftp-1.5.3-6.1.mga5 heimdal-rsh-1.5.3-6.1.mga5 heimdal-telnet-1.5.3-6.1.mga5 heimdal-ftpd-1.5.3-6.1.mga5 heimdal-rshd-1.5.3-6.1.mga5 heimdal-telnetd-1.5.3-6.1.mga5 heimdal-daemons-1.5.3-6.1.mga5 heimdal-devel-1.5.3-6.1.mga5 heimdal-devel-doc-1.5.3-6.1.mga5 heimdal-workstation-7.3.0-1.1.mga6 heimdal-server-7.3.0-1.1.mga6 heimdal-libs-7.3.0-1.1.mga6 heimdal-devel-7.3.0-1.1.mga6 heimdal-devel-doc-7.3.0-1.1.mga6 from SRPMS: heimdal-1.5.3-6.1.mga5.src.rpm heimdal-7.3.0-1.1.mga6.src.rpm
In VirtualBox, M6, Plasma, 64-bit Description: Heimdall is a cross-platform open-source utility to flash firmware (aka ROMs) onto Samsung Galaxy S devices. Used to put custom operating systems on Galaxy 5 devices. First time test for these packages. No procedure. Package(s) under test: heimdall heimdal-server heimdal-workstation heimdall-frontend heimdal-libs perl-Heimdal-Kadm5 default install of heimdall heimdal-server heimdal-workstation heimdall-frontend heimdal-libs perl-Heimdal-Kadm5 [root@localhost wilcal]# urpmi heimdall Package heimdall-1.4.1-4.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-server Package heimdal-server-7.3.0-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-workstation Package heimdal-workstation-7.3.0-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdall-frontend Package heimdall-frontend-1.4.1-4.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-libs Package heimdal-libs-7.3.0-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi perl-Heimdal-Kadm5 Package perl-Heimdal-Kadm5-0.80.0-13.mga6.x86_64 is already installed Packages install without issue Install updating heimdall heimdal-server heimdal-workstation heimdall-frontend heimdal-libs perl-Heimdal-Kadm5 from updates_testing [root@localhost wilcal]# urpmi heimdall Package heimdall-1.4.1-4.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-server Package heimdal-server-7.3.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-workstation Package heimdal-workstation-7.3.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdall-frontend Package heimdall-frontend-1.4.1-4.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-libs Package heimdal-libs-7.3.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi perl-Heimdal-Kadm5 Package perl-Heimdal-Kadm5-0.80.0-13.mga6.x86_64 is already installed Updating packages install without issue. Unless someone wants to become an expert at this I'm not sure we can test much more with this David. What you say?
CC: (none) => wilcal.int
Thats not what heimdal is, Heimdal is an Implementation of Kerberos V. Heimdall is the utility for Flashing Samsung Devices.
Indeed, I was worried about this. Heimdall has nothing to do with Heimdal, which is a Kerberos V implementation as Zombie said. Possibly some variation of our krb5 test procedure could work. I'd be satisfied with testing that they install cleanly otherwise.
(In reply to David Walser from comment #9) > Indeed, I was worried about this. Heimdall has nothing to do with Heimdal, > which is a Kerberos V implementation as Zombie said. Possibly some > variation of our krb5 test procedure could work. I'd be satisfied with > testing that they install cleanly otherwise. I agree. I'll roll through both arches to make sure everything updates cleanly. If after a day or so someone does not come up with a better test I'll push it on.
In VirtualBox, M6, Plasma, 64-bit Install heimdal-workstation heimdal-server heimdal-libs heimdal-devel heimdal-devel-doc from updates_testing [root@localhost wilcal]# urpmi heimdal-workstation Package heimdal-workstation-7.3.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-server Package heimdal-server-7.3.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-libs Package heimdal-libs-7.3.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-devel Package heimdal-devel-7.3.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-devel-doc Package heimdal-devel-doc-7.3.0-1.1.mga6.x86_64 is already installed
In VirtualBox, M6, Plasma, 32-bit Install heimdal-workstation heimdal-server heimdal-libs heimdal-devel heimdal-devel-doc [root@localhost wilcal]# urpmi heimdal-workstation Package heimdal-workstation-7.3.0-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi heimdal-server Package heimdal-server-7.3.0-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi heimdal-libs Package heimdal-libs-7.3.0-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi heimdal-devel Package heimdal-devel-7.3.0-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi heimdal-devel-doc Package heimdal-devel-doc-7.3.0-1.mga6.i586 is already installed All installed without issue Install heimdal-workstation heimdal-server heimdal-libs heimdal-devel heimdal-devel-doc from updates_testing [root@localhost wilcal]# urpmi heimdal-workstation Package heimdal-workstation-7.3.0-1.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi heimdal-server Package heimdal-server-7.3.0-1.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi heimdal-libs Package heimdal-libs-7.3.0-1.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi heimdal-devel Package heimdal-devel-7.3.0-1.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi heimdal-devel-doc Package heimdal-devel-doc-7.3.0-1.1.mga6.i586 is already installed All installed without issue
In VirtualBox, M5.1, KDE, 64-bit Install heimdal-workstation heimdal-server heimdal-libs heimdal-ftp heimdal-rsh heimdal-telnet heimdal-ftpd heimdal-rshd heimdal-telnetd heimdal-daemons heimdal-devel heimdal-devel-doc [root@localhost wilcal]# urpmi heimdal-workstation Package heimdal-workstation-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-server Package heimdal-server-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-libs Package heimdal-libs-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-ftp Package heimdal-ftp-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-rsh Package heimdal-rsh-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-telnet Package heimdal-telnet-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-ftpd Package heimdal-ftpd-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-rshd Package heimdal-rshd-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-telnetd Package heimdal-telnetd-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-daemons Package heimdal-daemons-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-devel Package heimdal-devel-1.5.3-6.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-devel-doc Package heimdal-devel-doc-1.5.3-6.mga5.x86_64 is already installed All installed without issue Install heimdal-workstation heimdal-server heimdal-libs heimdal-ftp heimdal-rsh heimdal-telnet heimdal-ftpd heimdal-rshd heimdal-telnetd heimdal-daemons heimdal-devel heimdal-devel-doc from updates_testing [root@localhost wilcal]# urpmi heimdal-server Package heimdal-server-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-libs Package heimdal-libs-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-ftp Package heimdal-ftp-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-rsh Package heimdal-rsh-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-telnet Package heimdal-telnet-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-ftpd Package heimdal-ftpd-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-rshd Package heimdal-rshd-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-telnetd Package heimdal-telnetd-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-daemons Package heimdal-daemons-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-devel Package heimdal-devel-1.5.3-6.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi heimdal-devel-doc Package heimdal-devel-doc-1.5.3-6.1.mga5.x86_64 is already installed All installed without issue
In VirtualBox, M5.1, KDE, 32-bit Install heimdal-workstation heimdal-server heimdal-libs heimdal-ftp heimdal-rsh heimdal-telnet heimdal-ftpd heimdal-rshd heimdal-telnetd heimdal-daemons heimdal-devel heimdal-devel-doc [root@localhost wilcal]# urpmi heimdal-workstation Package heimdal-workstation-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-server Package heimdal-server-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-libs Package heimdal-libs-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-ftp Package heimdal-ftp-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-rsh Package heimdal-rsh-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-telnet Package heimdal-telnet-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-ftpd Package heimdal-ftpd-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-rshd Package heimdal-rshd-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-telnetd Package heimdal-telnetd-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-daemons Package heimdal-daemons-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-devel Package heimdal-devel-1.5.3-6.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-devel-doc Package heimdal-devel-doc-1.5.3-6.mga5.i586 is already installed All installed without issue Install heimdal-workstation heimdal-server heimdal-libs heimdal-ftp heimdal-rsh heimdal-telnet heimdal-ftpd heimdal-rshd heimdal-telnetd heimdal-daemons heimdal-devel heimdal-devel-doc from updates_testing [root@localhost wilcal]# urpmi heimdal-workstation Package heimdal-workstation-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-server Package heimdal-server-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-libs Package heimdal-libs-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-ftp Package heimdal-ftp-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-rsh Package heimdal-rsh-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-telnet Package heimdal-telnet-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-ftpd Package heimdal-ftpd-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-rshd Package heimdal-rshd-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-telnetd Package heimdal-telnetd-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-daemons Package heimdal-daemons-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-devel Package heimdal-devel-1.5.3-6.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi heimdal-devel-doc Package heimdal-devel-doc-1.5.3-6.1.mga5.i586 is already installed All installed without issue
Whiteboard: MGA5TOO => MGA5TOO advisory
This update works fine. Testing complete for MGA5 & MGA6, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateWhiteboard: MGA5TOO advisory => MGA5TOO advisory MGA5-32-OK MGA5-64-OK MGA6-32-OK MGA6-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0265.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED