Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 20.04 LTS USN-5800-1 Critical: Heimdal DoS Threats

ubuntu
Calendar Grey January 12, 2023
Dist Ubuntu Esm H88
Heimdal security flaws in Ubuntu impact various versions. Ensure your systems are updated to prevent possible service interruptions.
Several security issues were fixed in Heimdal.

Summary

Several security issues were fixed in Heimdal.

Software Description:

- heimdal: Heimdal Kerberos Network Authentication Protocol

Details:

It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A

remote attacker could possibly use this issue to cause a denial of service.

(CVE-2021-44758)

Evgeny Legerov discovered that Heimdal incorrectly handled memory when

performing certain DES decryption operations. A remote attacker could use

this issue to cause a denial of service, or possibly execute arbitrary

code. (CVE-2022-3437)

Greg Hudson discovered that Kerberos PAC implementation used in Heimdal

incorrectly handled certain parsing operations. A remote attacker could use

this issue to cause a denial of service, or possibly execute arbitrary

code. (CVE-2022-42898)

It was discovered that Heimdal's KDC did not properly handle certain error

conditions. A remote attacker could use this issue to cause a denial of

service, or possibly execute arb...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   libasn1-8-heimdal               7.7.0+dfsg-1ubuntu1.3
   libgssapi3-heimdal              7.7.0+dfsg-1ubuntu1.3
   libhdb9-heimdal                 7.7.0+dfsg-1ubuntu1.3
   libhx509-5-heimdal              7.7.0+dfsg-1ubuntu1.3
   libkrb5-26-heimdal              7.7.0+dfsg-1ubuntu1.3

Ubuntu 18.04 LTS:
   libasn1-8-heimdal               7.5.0+dfsg-1ubuntu0.3
   libgssapi3-heimdal              7.5.0+dfsg-1ubuntu0.3
   libhdb9-heimdal                 7.5.0+dfsg-1ubuntu0.3
   libhx509-5-heimdal              7.5.0+dfsg-1ubuntu0.3
   libkrb5-26-heimdal              7.5.0+dfsg-1ubuntu0.3

Ubuntu 16.04 ESM:
   libasn1-8-heimdal               1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
   libgssapi3-heimdal              1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
   libhdb9-heimdal                 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
   libhx509-5-heimdal              1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
   libkrb5-26-heimdal              1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3

Ubuntu 14.04 ESM:
   libasn1-8-heimdal               1.6~git20131207+dfsg-1ubuntu1.2+esm3
   libgssapi3-heimdal              1.6~git20131207+dfsg-1ubuntu1.2+esm3
   libhdb9-heimdal                 1.6~git20131207+dfsg-1ubuntu1.2+esm3
   libhx509-5-heimdal              1.6~git20131207+dfsg-1ubuntu1.2+esm3
   libkrb5-26-heimdal              1.6~git20131207+dfsg-1ubuntu1.2+esm3

After a standard system update you need to restart any application
using Heimdal libraries to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5800-1

CVE-2021-44758, CVE-2022-3437, CVE-2022-42898, CVE-2022-44640

Severity
critical
Lowest
Low
Medium
High
Critical

January 12, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here