stable

heimdal-7.7.1-3.fc36

FEDORA-2022-dba9ba8e2b created by abo 2 years ago for Fedora 36

Fixes:

  • Delay service starts until after network is online (#2005501)
  • Restart services on package update (will apply when updating from this release)

This release fixes the following Security Vulnerabilities:

  • CVE-2022-42898 PAC parse integer overflows
  • CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
  • CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
  • CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
  • CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
  • CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-dba9ba8e2b

This update has been submitted for testing by abo.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has obsoleted heimdal-7.7.1-1.fc36, and has inherited its bugs and notes.

2 years ago

This update has been pushed to testing.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago

Automated Test Results