Information on source package heimdal

Available versions

Release             Version
jessie              1.6~rc2+dfsg-9+deb8u3
stretch             7.1.0+dfsg-13+deb9u4
stretch (security)  7.1.0+dfsg-13+deb9u3
buster              7.5.0+dfsg-3+deb10u2
bullseye            7.7.0+dfsg-2+deb11u3
bookworm            7.8.git20221117.28daf24+dfsg-2
trixie              7.8.git20221117.28daf24+dfsg-8
sid                 7.8.git20221117.28daf24+dfsg-8

Open issues

Bug             jessie                        stretch  buster  bullseye  bookworm  trixie  sid    Description
CVE-2019-12098  vulnerable (no DSA, ignored)  fixed    fixed   fixed     fixed     fixed   fixed  In the client side of Heimdal before 7.6.0, failure to verify anonymou ...
CVE-2017-6594   vulnerable (no DSA, ignored)  fixed    fixed   fixed     fixed     fixed   fixed  The transit path validation code in Heimdal before 7.3 might allow att ...

Resolved issues

Bug             Description
CVE-2022-45142  The fix for CVE-2022-3437 included changing memcmp to be constant time ...
CVE-2022-44640  Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ...
CVE-2022-42898  PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x befo ...
CVE-2022-41916  Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...
CVE-2022-3437   A heap-based buffer overflow vulnerability was found in Samba within t ...
CVE-2022-3116   The Heimdal Software Kerberos 5 implementation is vulnerable to a null ...
CVE-2021-44758  Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ...
CVE-2021-3671   A null pointer de-reference was found in the way samba kerberos server ...
CVE-2019-14870  All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...
CVE-2018-16860  A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x ...
CVE-2017-17439  In Heimdal through 7.4, remote unauthenticated attackers are able to c ...
CVE-2017-11103  Heimdal before 7.4 allows remote attackers to impersonate services wit ...
CVE-2011-4862   Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 throu ...
CVE-2010-1321   The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-AP ...
CVE-2007-5939   The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 ...
CVE-2006-0677   telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows re ...
CVE-2006-0582   Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0. ...
CVE-2005-2040   Multiple buffer overflows in the getterminaltype function in telnetd f ...
CVE-2005-0469   Buffer overflow in the slc_add_reply function in various BSD-based Tel ...
CVE-2004-0434   k5admind (kadmind) for Heimdal allows remote attackers to execute arbi ...
CVE-2004-0371   Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly pe ...
CVE-2003-0138   Version 4 of the Kerberos protocol (krb4), as used in Heimdal and othe ...
CVE-2002-1235   The kadm_ser_in function in (1) the Kerberos v4 compatibility administr ...
CVE-2002-1226   Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, pos ...
CVE-2002-1225   Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...

Security announcements

DSA / DLA   Description
ELA-797-1   heimdal - security update
DSA-5344-1  heimdal - security update
DLA-3311-1  heimdal - security update
ELA-795-1   heimdal - security update
DLA-3206-1  heimdal - security update
DSA-5287-1  heimdal - security update
DSA-4455-1  heimdal - security update
DSA-4055-1  heimdal - security update
DSA-3912-1  heimdal - security update
DLA-1027-1  heimdal - security update
DSA-2372-1  heimdal - buffer overflow
DSA-977-1   heimdal - several
DSA-765-1   heimdal - buffer overflow
DSA-758-1   heimdal - buffer overflow
DSA-504     heimdal - missing input sanitising
DSA-476     heimdal - cross-realm
DSA-269     heimdal - Cryptographic weakness
DSA-185     heimdal - buffer overflow
DSA-178     heimdal - remote command execution
