openSUSE: 2023:0019-1 important: libheimdal
Description
This update for libheimdal fixes the following issues:

Update to version 7.8.0

- CVE-2022-42898 PAC parse integer overflows
- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
- CVE-2022-41916 Fix Unicode normalization read of 1 byte past end of array
- CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors
- CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
- CVE-2019-14870: Validate client attributes in protocol-transition
Patch
Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-19=1
Package List
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

  libasn1-8-7.8.0-bp154.2.4.1
  libgssapi3-7.8.0-bp154.2.4.1
  libhcrypto4-7.8.0-bp154.2.4.1
  libhdb9-7.8.0-bp154.2.4.1
  libheimbase1-7.8.0-bp154.2.4.1
  libheimdal-devel-7.8.0-bp154.2.4.1
  libheimedit0-7.8.0-bp154.2.4.1
  libheimntlm0-7.8.0-bp154.2.4.1
  libhx509-5-7.8.0-bp154.2.4.1
  libkadm5clnt7-7.8.0-bp154.2.4.1
  libkadm5srv8-7.8.0-bp154.2.4.1
  libkafs0-7.8.0-bp154.2.4.1
  libkdc2-7.8.0-bp154.2.4.1
  libkrb5-26-7.8.0-bp154.2.4.1
  libotp0-7.8.0-bp154.2.4.1
  libroken18-7.8.0-bp154.2.4.1
  libsl0-7.8.0-bp154.2.4.1
  libwind0-7.8.0-bp154.2.4.1
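To confirm that the update has landed on a host, the installed builds can be compared with the fixed build in the package list above. The script below is an added example, not part of the openSUSE advisory; the function name check_heimdal and the sample input are constructed for illustration, and the comparison uses GNU sort -V as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example (not from the advisory): flag libheimdal packages that are
# older than the fixed build named in the package list.
FIXED="7.8.0-bp154.2.4.1"
PKGS="libasn1-8 libgssapi3 libhcrypto4 libhdb9 libheimbase1 libheimdal-devel \
libheimedit0 libheimntlm0 libhx509-5 libkadm5clnt7 libkadm5srv8 libkafs0 \
libkdc2 libkrb5-26 libotp0 libroken18 libsl0 libwind0"

# Constructed sample input (not taken from a real host).
SAMPLE='libkrb5-26 7.7.0-bp154.1.1
libgssapi3 7.8.0-bp154.2.4.1
bash 4.4-150400.25.22'

# check_heimdal (hypothetical helper): reads "name version-release" lines on
# stdin, prints one OUTDATED line per affected package still below the fixed
# build, and returns 1 if any were found, 0 otherwise.
check_heimdal() {
    rc=0
    while read -r name evr; do
        # Ignore packages that are not part of this advisory.
        case " $PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        [ "$evr" = "$FIXED" ] && continue
        # sort -V approximates RPM ordering; the lower version sorts first.
        lowest=$(printf '%s\n%s\n' "$evr" "$FIXED" | sort -V | head -n 1)
        if [ "$lowest" = "$evr" ]; then
            echo "OUTDATED $name $evr (fixed in $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# On a live system, feed it the RPM database:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_heimdal
```

A non-zero exit status means at least one listed package is still below 7.8.0-bp154.2.4.1, which makes the function usable as a compliance check in configuration management.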
References
https://www.suse.com/security/cve/CVE-2019-14870.html
https://www.suse.com/security/cve/CVE-2021-3671.html
https://www.suse.com/security/cve/CVE-2021-44758.html
https://www.suse.com/security/cve/CVE-2022-3437.html
https://www.suse.com/security/cve/CVE-2022-41916.html
https://www.suse.com/security/cve/CVE-2022-42898.html
https://www.suse.com/security/cve/CVE-2022-44640.html