Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => guillomovitch

release 1.5.3-6.2.mga5 just submitted in updates_testing

Assignee: guillomovitch => qa-bugs

Advisory:
========================

Updated heimdal packages fix security vulnerability:

Transit path validation inadvertently caused the previous hop realm to not be
added to the transit path of issued tickets. This may, in some cases, enable
bypass of capath policy in Heimdal versions 1.5 through 7.2 (CVE-2017-6594).

Note, this may break sites that rely on the bug. With the bug some incomplete
[capaths] worked, that should not have. These may now break authentication in
some cross-realm configurations.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594
https://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html
========================

Updated packages in core/updates_testing:
========================
heimdal-workstation-1.5.3-6.2.mga5
heimdal-server-1.5.3-6.2.mga5
heimdal-libs-1.5.3-6.2.mga5
heimdal-ftp-1.5.3-6.2.mga5
heimdal-rsh-1.5.3-6.2.mga5
heimdal-telnet-1.5.3-6.2.mga5
heimdal-ftpd-1.5.3-6.2.mga5
heimdal-rshd-1.5.3-6.2.mga5
heimdal-telnetd-1.5.3-6.2.mga5
heimdal-daemons-1.5.3-6.2.mga5
heimdal-devel-1.5.3-6.2.mga5
heimdal-devel-doc-1.5.3-6.2.mga5

from heimdal-1.5.3-6.2.mga5.src.rpm

MGA5-32 on Asus A6000VM Xfce
No installation issues.
This is beyond me, but I found a site that might inspire someone else to do more indepth testing: 
http://chschneider.eu/linux/server/heimdal.shtml

A few commands I could at least enter .
As root:
# systemctl start heimdal
# systemctl status heimdal
â heimdal.service - LSB: Heimdal Kerberos servers
   Loaded: loaded (/etc/rc.d/init.d/heimdal)
   Active: active (running) since vr 2017-08-25 11:12:57 CEST; 10s ago
  Process: 7569 ExecStart=/etc/rc.d/init.d/heimdal start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/heimdal.service
           ââ7579 /usr/sbin/kdc --detach

aug 25 11:12:57 mach6.hviaene.thuis heimdal[7569]: Starting Heimdal Kerberos 5 Key Distribution Center:/usr/bin...pid'
aug 25 11:12:57 mach6.hviaene.thuis heimdal[7569]: Typ '/usr/bin/dirname --help' voor meer informatie.
aug 25 11:12:57 mach6.hviaene.thuis heimdal[7569]: [  OK  ]
Hint: Some lines were ellipsized, use -l to show in full.
and then
# kadmin
kadmin> quit
I have no idea what I could do else at this prompt.
As normal user:
$ verify_krb5_conf 
verify_krb5_conf: krb5_config_parse_file: open /home/tester5/.krb5/config: No such file or directory
verify_krb5_conf: /realms/EXAMPLE.COM/kdc: Name or service not known (kerberos.example.com)
verify_krb5_conf: /realms/EXAMPLE.COM/admin_server: Name or service not known (kerberos.example.com)
Which seems sensible as no real configuration hes been done.

Unless someone objects OK for me.

Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene

Herman: heroic to even try this thing! Thanks.
Advisory uploaded; validating also as it is for Mageia 5 only.

Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory
CC: (none) => lewyssmith, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0308.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED