Packages
- heimdal - Heimdal Kerberos Network Authentication Protocol
Details
Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was
not properly performing checksum algorithm verifications in the
S4U2Self extension module. An attacker could possibly use this issue
to perform a machine-in-the-middle attack and request S4U2Self
tickets for any user known by the application. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
(CVE-2018-16860)
It was discovered that Heimdal was not properly handling the
verification of key exchanges when an anonymous PKINIT was being
used. An attacker could possibly use this issue to perform a
machine-in-the-middle attack and expose sensitive information.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 18.04 LTS. (CVE-2019-12098)
Joseph Sutton discovered that Heimdal was not properly handling
memory management operations...
Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was
not properly performing checksum algorithm verifications in the
S4U2Self extension module. An attacker could possibly use this issue
to perform a machine-in-the-middle attack and request S4U2Self
tickets for any user known by the application. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
(CVE-2018-16860)
It was discovered that Heimdal was not properly handling the
verification of key exchanges when an anonymous PKINIT was being
used. An attacker could possibly use this issue to perform a
machine-in-the-middle attack and expose sensitive information.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 18.04 LTS. (CVE-2019-12098)
Joseph Sutton discovered that Heimdal was not properly handling
memory management operations when dealing with TGS-REQ tickets that
were missing information. An attacker could possibly use this issue
to cause a denial of service. (CVE-2021-3671)
Michał Kępień discovered that Heimdal was not properly handling
logical conditions that related to memory management operations. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-3116)
Update instructions
After a standard system update you need to restart any application using Heimdal libraries to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 20.04 focal | libgssapi3-heimdal – 7.7.0+dfsg-1ubuntu1.1 | ||
| heimdal-kcm – 7.7.0+dfsg-1ubuntu1.1 | |||
| heimdal-kdc – 7.7.0+dfsg-1ubuntu1.1 | |||
| libkdc2-heimdal – 7.7.0+dfsg-1ubuntu1.1 | |||
| heimdal-servers – 7.7.0+dfsg-1ubuntu1.1 | |||
| libkrb5-26-heimdal – 7.7.0+dfsg-1ubuntu1.1 | |||
| heimdal-clients – 7.7.0+dfsg-1ubuntu1.1 | |||
| 18.04 bionic | libgssapi3-heimdal – 7.5.0+dfsg-1ubuntu0.1 | ||
| heimdal-kcm – 7.5.0+dfsg-1ubuntu0.1 | |||
| heimdal-kdc – 7.5.0+dfsg-1ubuntu0.1 | |||
| libkdc2-heimdal – 7.5.0+dfsg-1ubuntu0.1 | |||
| heimdal-servers – 7.5.0+dfsg-1ubuntu0.1 | |||
| libkrb5-26-heimdal – 7.5.0+dfsg-1ubuntu0.1 | |||
| heimdal-clients – 7.5.0+dfsg-1ubuntu0.1 | |||
| 16.04 xenial | libgssapi3-heimdal – 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 | ||
| heimdal-kcm – 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 | |||
| heimdal-kdc – 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 | |||
| libkdc2-heimdal – 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 | |||
| heimdal-servers – 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 | |||
| libkrb5-26-heimdal – 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 | |||
| heimdal-clients – 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 | |||
| 14.04 trusty | heimdal-servers-x – 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | ||
| libgssapi3-heimdal – 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | |||
| heimdal-kcm – 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | |||
| heimdal-kdc – 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | |||
| libkdc2-heimdal – 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | |||
| heimdal-servers – 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | |||
| heimdal-clients-x – 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | |||
| libkrb5-26-heimdal – 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | |||
| heimdal-clients – 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.