Advisories » MGASA-2017-0485

Updated heimdal packages fix security vulnerability

Publication date: 31 Dec 2017
Modification date: 31 Dec 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17439

Description

Michael Eder and Thomas Kittel discovered that Heimdal did not correctly
handle ASN.1 data. This would allow an unauthenticated remote attacker
to cause a denial of service (crash of the KDC daemon) by sending
maliciously crafted packets (CVE-2017-17439).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22142
• https://www.debian.org/security/2017/dsa-4055
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17439

SRPMS

6/core

• heimdal-7.3.0-1.2.mga6