
openSUSE-SU-2017:3268-1

Published: 12 Dec 2017
Source: suse-cvrf

Description

Security update for libheimdal

This update for libheimdal fixes the following issues:

  • CVE-2017-17439: Remote unauthenticated attackers may have crashed the KDC (boo#1071675)

Package list

openSUSE Leap 42.2
libheimdal-7.4.0-6.1
libheimdal-devel-7.4.0-6.1
openSUSE Leap 42.3
libheimdal-7.4.0-6.1
libheimdal-devel-7.4.0-6.1

Description

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.


Affected products
openSUSE Leap 42.2:libheimdal-7.4.0-6.1
openSUSE Leap 42.2:libheimdal-devel-7.4.0-6.1
openSUSE Leap 42.3:libheimdal-7.4.0-6.1
openSUSE Leap 42.3:libheimdal-devel-7.4.0-6.1

References