[Bugs] [Bug 13534] New: [CVE 21] heimdal 7.7.0 CVEs found

bugzilla bugzilla at rosalinux.ru
Wed Aug 23 23:20:19 MSK 2023


https://bugzilla.rosalinux.ru/show_bug.cgi?id=13534

          Platform: 2021.1
            Bug ID: 13534
           Summary: [CVE 21] heimdal 7.7.0  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2021-44758, CVE-2022-41916,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs at lists.rosalinux.ru
          Reporter: y.tumanov at rosalinux.ru
        QA Contact: bugs at lists.rosalinux.ru
                CC: e.kosachev at rosalinux.ru, s.matveev at rosalinux.ru,
                    y.tumanov at rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package heimdal version 7.7.0

INFO (CVEs are): heimdal 7.7.0 cves found
CVE-2021-44758
Desc: Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference
in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero
initial_response value to send_accept.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-44758
Severity: HIGH
CVE-2022-41916
Desc: Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions
prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's
PKI certificate validation library, affecting the KDC (via PKINIT) and kinit
(via PKINIT), as well as any third-party applications using Heimdal's libhx509.
Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds
for this issue.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-41916
Severity: HIGH

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.