Updated heimdal packages fix security vulnerability
Publication date: 25 Aug 2017Modification date: 25 Aug 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6594
Description
Transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2 (CVE-2017-6594). Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations.
References
SRPMS
5/core
- heimdal-1.5.3-6.2.mga5