Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Ubuntu 20.04 LTS USN-5675-1 Critical Heimdal Issues and Fixes

ubuntu
Calendar Grey October 13, 2022
Dist Ubuntu Esm H88
Familiarize yourself with the Heimdal security flaws addressed in Ubuntu Security Notice USN-5675-1 and the required steps for updating your system.
Several security issues were fixed in Heimdal.

Summary

Several security issues were fixed in Heimdal.

Software Description:

- heimdal: Heimdal Kerberos Network Authentication Protocol

Details:

Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was

not properly performing checksum algorithm verifications in the

S4U2Self extension module. An attacker could possibly use this issue

to perform a machine-in-the-middle attack and request S4U2Self

tickets for any user known by the application. This issue only

affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.

(CVE-2018-16860)

It was discovered that Heimdal was not properly handling the

verification of key exchanges when an anonymous PKINIT was being

used. An attacker could possibly use this issue to perform a

machine-in-the-middle attack and expose sensitive information.

This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and

Ubuntu 18.04 LTS. (CVE-2019-12098)

Joseph Sutton discovered that Heimdal was not properly handling

memory...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   heimdal-clients                 7.7.0+dfsg-1ubuntu1.1
   heimdal-kcm                     7.7.0+dfsg-1ubuntu1.1
   heimdal-kdc                     7.7.0+dfsg-1ubuntu1.1
   heimdal-servers                 7.7.0+dfsg-1ubuntu1.1
   libgssapi3-heimdal              7.7.0+dfsg-1ubuntu1.1
   libkdc2-heimdal                 7.7.0+dfsg-1ubuntu1.1
   libkrb5-26-heimdal              7.7.0+dfsg-1ubuntu1.1

Ubuntu 18.04 LTS:
   heimdal-clients                 7.5.0+dfsg-1ubuntu0.1
   heimdal-kcm                     7.5.0+dfsg-1ubuntu0.1
   heimdal-kdc                     7.5.0+dfsg-1ubuntu0.1
   heimdal-servers                 7.5.0+dfsg-1ubuntu0.1
   libgssapi3-heimdal              7.5.0+dfsg-1ubuntu0.1
   libkdc2-heimdal                 7.5.0+dfsg-1ubuntu0.1
   libkrb5-26-heimdal              7.5.0+dfsg-1ubuntu0.1

Ubuntu 16.04 ESM:
   heimdal-clients 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1
   heimdal-kcm 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1
   heimdal-kdc 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1
   heimdal-servers 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1
   libgssapi3-heimdal 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1
   libkdc2-heimdal 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1
   libkrb5-26-heimdal 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1

Ubuntu 14.04 ESM:
   heimdal-clients 1.6~git20131207+dfsg-1ubuntu1.2+esm1
   heimdal-clients-x 1.6~git20131207+dfsg-1ubuntu1.2+esm1
   heimdal-kcm 1.6~git20131207+dfsg-1ubuntu1.2+esm1
   heimdal-kdc 1.6~git20131207+dfsg-1ubuntu1.2+esm1
   heimdal-servers 1.6~git20131207+dfsg-1ubuntu1.2+esm1
   heimdal-servers-x 1.6~git20131207+dfsg-1ubuntu1.2+esm1
   libgssapi3-heimdal 1.6~git20131207+dfsg-1ubuntu1.2+esm1
   libkdc2-heimdal 1.6~git20131207+dfsg-1ubuntu1.2+esm1
   libkrb5-26-heimdal 1.6~git20131207+dfsg-1ubuntu1.2+esm1

After a standard system update you need to restart any application
using Heimdal libraries to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5675-1

  CVE-2018-16860, CVE-2019-12098, CVE-2021-3671, CVE-2022-3116

Severity
critical
Lowest
Low
Medium
High
Critical

October 13, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.