Mageia alert MGASA-2017-0308 (heimdal) [LWN.net]

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2017-0308: Updated heimdal packages fix security vulnerability 
Date:
    	       Fri, 25 Aug 2017 22:36:33 +0200
Message-ID:
    	       <20170825203633.883899F871@duvel.mageia.org>
MGASA-2017-0308 - Updated heimdal packages fix security vulnerability

Publication date: 25 Aug 2017
URL: http://advisories.mageia.org/MGASA-2017-0308.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-6594

Description:
Transit path validation inadvertently caused the previous hop realm to
not be added to the transit path of issued tickets. This may, in some
cases, enable bypass of capath policy in Heimdal versions 1.5 through
7.2 (CVE-2017-6594).

Note, this may break sites that rely on the bug. With the bug some
incomplete [capaths] worked, that should not have. These may now break
authentication in some cross-realm configurations.

References:
- https://bugs.mageia.org/show_bug.cgi?id=21550
- https://lists.opensuse.org/opensuse-updates/2017-08/msg00...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594

SRPMS:
- 5/core/heimdal-1.5.3-6.2.mga5

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2017-0308: Updated heimdal packages fix security vulnerability
Date:		Fri, 25 Aug 2017 22:36:33 +0200
Message-ID:		<20170825203633.883899F871@duvel.mageia.org>