Security update for libheimdal SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2376-1 Final 1 1 2018-08-16T08:06:38Z current 2018-08-16T08:06:38Z 2018-08-16T08:06:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libheimdal This update for libheimdal to version 7.5.0 fixes the following issues: The following security vulnerability was fixed: - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm (boo#1071675) The following other bugs were fixed: - Override the build date (boo#1047218) - Use constant hostname (boo#1084909) - Handle long input lines when reloading database dumps - In pre-forked mode, correctly clear the process ids of exited children, allowing new child processes to replace the old. - Fixed incorrect KDC response when no-cross realm TGT exists, allowing client requests to fail quickly rather than time out after trying to get a correct answer from each KDC. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00055.html E-Mail link for openSUSE-SU-2018:2376-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libheimdal-7.5.0-9.1 libheimdal-devel-7.5.0-9.1 libheimdal-7.5.0-9.1 as a component of openSUSE Leap 42.3 libheimdal-devel-7.5.0-9.1 as a component of openSUSE Leap 42.3 In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. CVE-2017-17439 openSUSE Leap 42.3:libheimdal-7.5.0-9.1 openSUSE Leap 42.3:libheimdal-devel-7.5.0-9.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00055.html https://www.suse.com/security/cve/CVE-2017-17439.html CVE-2017-17439 https://bugzilla.suse.com/1071675 SUSE Bug 1071675