MGASA-2017-0308

Source
https://advisories.mageia.org/MGASA-2017-0308.html
Import Source
https://advisories.mageia.org/MGASA-2017-0308.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0308
Published
2017-08-25T20:35:54Z
Modified
2017-08-25T20:20:20Z
Summary
Updated heimdal packages fix security vulnerability
Details

Transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2 (CVE-2017-6594).

Note that this fix may break sites that rely on the bug. With the bug, some incomplete [capaths] configurations worked that should not have. These may now break authentication in some cross-realm configurations.


Affected packages

Mageia:5 / heimdal

Package

Name
heimdal
Purl
pkg:rpm/mageia/heimdal?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.3-6.2.mga5

Ecosystem specific

{
    "section": "core"
}