+++ This bug was initially created as a clone of Bug #31157 +++

Debian has issued an advisory on November 19:
https://www.debian.org/security/2022/dsa-5286

The issue is fixed upstream in krb5 1.19.4 and heimdal 7.7.1:
https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c

Mageia 8 is also affected.

Debian has issued an advisory on November 22:
https://www.debian.org/security/2022/dsa-5287

Additional issues are also fixed upstream in heimdal 7.7.1:
https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j
https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
Blocks: 29260 => (none)
Status comment: (none) => Fixed upstream in 7.7.1
I submitted heimdal 7.7.1 in Mageia 8 updates_testing, and cauldron has heimdal 7.8.0.

heimdal-devel-7.7.1-1.2.mga8
heimdal-devel-doc-7.7.1-1.2.mga8
heimdal-libs-7.7.1-1.2.mga8
heimdal-workstation-7.7.1-1.2.mga8
heimdal-server-7.7.1-1.2.mga8

from heimdal-7.7.1-1.2.mga8.src.rpm

Depends on: 31157 => (none)
Status comment: Fixed upstream in 7.7.1 => (none)
CC: (none) => guillomovitch
Assignee: guillomovitch => qa-bugs
Debian-LTS has issued an advisory on November 26: https://www.debian.org/lts/security/2022/dla-3206 This update also fixes CVE-2019-14870: https://github.com/heimdal/heimdal/security/advisories/GHSA-q77c-9qvp-qfw4
Summary: heimdal new security issues CVE-2021-44758, CVE-2022-3437, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640 => heimdal new security issues CVE-2019-14870, CVE-2021-44758, CVE-2022-3437, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640
Fedora has issued an advisory for this today (November 30): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AYXWFESBZJMBNACFDHWWH7KETGKUXDPO/
Selecting the devel generates a whole list of

The following packages have to be removed for others to be upgraded:
curl-examples-7.74.0-1.9.mga8.noarch
 (due to unsatisfied curl-devel >= 1:7.74.0-1.9.mga8)
lib64curl-devel-7.74.0-1.9.mga8.x86_64
 (due to missing devel(libgssapi_krb5(64bit)))
lib64gsasl-devel-1.8.1-2.1.mga8.x86_64
 (due to missing devel(libgssapi_krb5(64bit)))
lib64krb53-devel-1.18.3-1.mga8.x86_64
 (due to conflicts with heimdal-devel-7.7.1-1.2.mga8.x86_64)

and a lot more ....
Continuing without the devel rpm.
CC: (none) => herman.viaene
Ref bug 30962

# systemctl start heimdal-kdc
# systemctl -l status heimdal-kdc
● heimdal-kdc.service - Heimdal KDC is a Kerberos 5 Key Distribution Center server
     Loaded: loaded (/usr/lib/systemd/system/heimdal-kdc.service; disabled; vendor preset: disabled)
     Active: active (running) since Sat 2022-12-17 10:28:54 CET; 19s ago
       Docs: man:kdc(8)
             info:heimdal
             http://www.h5l.org/
   Main PID: 6275 (kdc)
      Tasks: 3 (limit: 4364)
     Memory: 1.7M
        CPU: 45ms
     CGroup: /system.slice/heimdal-kdc.service
             ├─6275 /usr/libexec/kdc
             ├─6278 /usr/libexec/kdc
             └─6279 /usr/libexec/kdc

Dec 17 10:28:54 mach7.hviaene.thuis systemd[1]: Started Heimdal KDC is a Kerberos 5 Key Distribution Center serve>

# kadmin
kadmin: kadm5_init_with_password: No KDC found for realm HVIAENE.THUIS

This makes sense.

$ verify_krb5_conf
verify_krb5_conf: krb5_config_parse_file: open /home/tester8/.krb5/config: No such file or directory
verify_krb5_conf: krb5_config_parse_file: /etc/krb5.conf:3: binding before section

This is all in line with bug 30962, so good enough.
Whiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0468.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED