New security flaw in Heimdal: https://www.debian.org/security/2017/dsa-4056
CVE: (none) => CVE-2017-16239
Assigning to the registered heimdal maintainer.

I think the link and CVE are wrong, though, so changing them where I can, because of:

Debian Security Advisory DSA-4055-1    security@debian.org
https://www.debian.org/security/       Sebastien Delafond
December 07, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package    : heimdal
CVE ID     : CVE-2017-17439
Debian Bug : 878144
___________________________________________________________________________

I don't know whether it needs to be fixed in Mageia 5, too.

CC: (none) => marja11
Whiteboard: (none) => MGA6TOO
Assignee: bugsquad => guillomovitch
CVE: CVE-2017-16239 => CVE-2017-17439
Version: 6 => Cauldron
URL: https://www.debian.org/security/2017/dsa-4056 => https://www.debian.org/security/2017/dsa-4055
Summary: heimdal security vulnerability CVE-2017-16239 => heimdal security vulnerability CVE-2017-17439
Indeed, the correct DSA link from December 7: https://www.debian.org/security/2017/dsa-4055
Source RPM: heimdal => heimdal-7.4.0-2.mga7.src.rpm
Summary: heimdal security vulnerability CVE-2017-17439 => heimdal new security issue CVE-2017-17439
Fixed package submitted in updates_testing for Mageia 6.
Advisory:
========================

Updated heimdal packages fix security vulnerability:

Michael Eder and Thomas Kittel discovered that Heimdal did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service (crash of the KDC daemon) by sending maliciously crafted packets (CVE-2017-17439).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17439
https://www.debian.org/security/2017/dsa-4055
========================

Updated packages in core/updates_testing:
========================
heimdal-workstation-7.3.0-1.2.mga6
heimdal-server-7.3.0-1.2.mga6
heimdal-libs-7.3.0-1.2.mga6
heimdal-devel-7.3.0-1.2.mga6
heimdal-devel-doc-7.3.0-1.2.mga6

from heimdal-7.3.0-1.2.mga6.src.rpm

CC: (none) => guillomovitch
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Assignee: guillomovitch => qa-bugs
MGA6-32 on Dell Latitude D600 MATE
No installation issues
Based on tests in bug 21550 Comment 4

# systemctl start heimdal
Failed to start heimdal.service: Unit heimdal.service not found.

After some googling found that things have changed it seems

# systemctl start heimdal-kdc
# systemctl -l status heimdal-kdc
● heimdal-kdc.service - Heimdal KDC is a Kerberos 5 Key Distribution Center server
   Loaded: loaded (/usr/lib/systemd/system/heimdal-kdc.service; enabled; vendor preset: enabled)
   Active: active (running) since do 2017-12-28 14:48:53 CET; 24s ago
     Docs: man:kdc(8)
           info:heimdal
           http://www.h5l.org/
 Main PID: 18121 (kdc)
   CGroup: /system.slice/heimdal-kdc.service
           ├─18121 /usr/libexec/kdc
           └─18124 /usr/libexec/kdc

dec 28 14:48:53 mach6.hviaene.thuis systemd[1]: Started Heimdal KDC is a Kerberos 5 Key Distribution Cent

and

# kadmin
kadmin: kadm5_init_with_password: No KDC found for realm HVIAENE.THUIS

That is correct

As normal user:
$ verify_krb5_conf
verify_krb5_conf: krb5_config_parse_file: open /home/tester6/.krb5/config: No such file or directory
verify_krb5_conf: /libdefaults/rdns: unknown entry
verify_krb5_conf: /libdefaults/default_ccache_name: unknown entry

I can accept that.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene
Thanks yet again for a sticky test. Advisoried, validating.
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0485.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED