openSUSE has issued an advisory today (August 17): https://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html
Assigning to the registered maintainer.
CC: (none) => marja11Assignee: bugsquad => guillomovitch
release 1.5.3-6.2.mga5 just submitted in updates_testing
Assignee: guillomovitch => qa-bugs
Advisory: ======================== Updated heimdal packages fix security vulnerability: Transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2 (CVE-2017-6594). Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594 https://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html ======================== Updated packages in core/updates_testing: ======================== heimdal-workstation-1.5.3-6.2.mga5 heimdal-server-1.5.3-6.2.mga5 heimdal-libs-1.5.3-6.2.mga5 heimdal-ftp-1.5.3-6.2.mga5 heimdal-rsh-1.5.3-6.2.mga5 heimdal-telnet-1.5.3-6.2.mga5 heimdal-ftpd-1.5.3-6.2.mga5 heimdal-rshd-1.5.3-6.2.mga5 heimdal-telnetd-1.5.3-6.2.mga5 heimdal-daemons-1.5.3-6.2.mga5 heimdal-devel-1.5.3-6.2.mga5 heimdal-devel-doc-1.5.3-6.2.mga5 from heimdal-1.5.3-6.2.mga5.src.rpm
MGA5-32 on Asus A6000VM Xfce No installation issues. This is beyond me, but I found a site that might inspire someone else to do more indepth testing: http://chschneider.eu/linux/server/heimdal.shtml A few commands I could at least enter . As root: # systemctl start heimdal # systemctl status heimdal â heimdal.service - LSB: Heimdal Kerberos servers Loaded: loaded (/etc/rc.d/init.d/heimdal) Active: active (running) since vr 2017-08-25 11:12:57 CEST; 10s ago Process: 7569 ExecStart=/etc/rc.d/init.d/heimdal start (code=exited, status=0/SUCCESS) CGroup: /system.slice/heimdal.service ââ7579 /usr/sbin/kdc --detach aug 25 11:12:57 mach6.hviaene.thuis heimdal[7569]: Starting Heimdal Kerberos 5 Key Distribution Center:/usr/bin...pid' aug 25 11:12:57 mach6.hviaene.thuis heimdal[7569]: Typ '/usr/bin/dirname --help' voor meer informatie. aug 25 11:12:57 mach6.hviaene.thuis heimdal[7569]: [ OK ] Hint: Some lines were ellipsized, use -l to show in full. and then # kadmin kadmin> quit I have no idea what I could do else at this prompt. As normal user: $ verify_krb5_conf verify_krb5_conf: krb5_config_parse_file: open /home/tester5/.krb5/config: No such file or directory verify_krb5_conf: /realms/EXAMPLE.COM/kdc: Name or service not known (kerberos.example.com) verify_krb5_conf: /realms/EXAMPLE.COM/admin_server: Name or service not known (kerberos.example.com) Which seems sensible as no real configuration hes been done. Unless someone objects OK for me.
Whiteboard: (none) => MGA5-32-OKCC: (none) => herman.viaene
Herman: heroic to even try this thing! Thanks. Advisory uploaded; validating also as it is for Mageia 5 only.
Keywords: (none) => validated_updateWhiteboard: MGA5-32-OK => MGA5-32-OK advisoryCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0308.html
Status: NEW => RESOLVEDResolution: (none) => FIXED