stable

heimdal-7.7.1-3.fc37

FEDORA-2022-2c77cee4b5 created by abo 3 years ago for Fedora 37

Fixes:

  • Delay service starts until after network is online (#2005501)
  • Restart services on package update (will apply when updating from this release)

This release fixes the following Security Vulnerabilities:

  • CVE-2022-42898 PAC parse integer overflows
  • CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
  • CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
  • CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
  • CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
  • CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-2c77cee4b5

This update has been submitted for testing by abo.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has obsoleted heimdal-7.7.1-1.fc37, and has inherited its bugs and notes.

3 years ago

This update has been pushed to testing.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please log in to add feedback.

Metadata
Type
security
Severity
urgent
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
Builds
1
heimdal-7.7.1-3.fc37
heimdal-7.7.1-3.fc37

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.11.2 on bodhi-web-12-n78jl.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy