Ubuntu alert USN-3353-1 (heimdal)
| From: | Steve Beattie <steve.beattie@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-3353-1] Heimdal vulnerability | |
| Date: | Fri, 14 Jul 2017 12:45:48 -0700 | |
| Message-ID: | <20170714194548.GR16253@nxnw.org> |
========================================================================== Ubuntu Security Notice USN-3353-1 July 14, 2017 heimdal vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Heimdal could allow unintended access to network services. Software Description: - heimdal: Heimdal Kerberos Network Authentication Protocol Details: Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: libkrb5-26-heimdal 7.1.0+dfsg-9ubuntu1.1 Ubuntu 16.10: libkrb5-26-heimdal 1.7~git20150920+dfsg-4ubuntu1.16.10.1 Ubuntu 16.04 LTS: libkrb5-26-heimdal 1.7~git20150920+dfsg-4ubuntu1.16.04.1 Ubuntu 14.04 LTS: libkrb5-26-heimdal 1.6~git20131207+dfsg-1ubuntu1.2 After a standard system update you need to restart any applications using Heimdal libraries to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3353-1 CVE-2017-11103 Package Information: https://launchpad.net/ubuntu/+source/heimdal/7.1.0+dfsg-9... https://launchpad.net/ubuntu/+source/heimdal/1.7~git20150... https://launchpad.net/ubuntu/+source/heimdal/1.7~git20150... https://launchpad.net/ubuntu/+source/heimdal/1.6~git20131... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...