Bug 238635 - security/heimdal: Update to 7.7 (7.6 and 7.7 addresses two CVEs plus bugfixes)
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Hiroki Sato
URL:
Keywords: needs-patch, security
Depends on:
Blocks:
 
Reported: 2019-06-17 02:02 UTC by dewayne
Modified: 2019-06-17 04:01 UTC
CC: 2 users

See Also:
koobs: maintainer-feedback? (hrs)
koobs: merge-quarterly?


Description dewayne 2019-06-17 02:02:50 UTC
Heimdal 7.7.0 continues to address shortcomings and performance improvements that were identified in heimdal 7.6.0.

Heimdal 7.6.0 addresses various bug fixes including two CVEs, which both enable MITM while using PKINIT:
CVE-2018-16860
CVE-2019-12098
In addition, support for anonymous TGS-req and AS-req is fixed.

These vulnerabilities exist in heimdal from version 0.8 to 7.5.0 (FreeBSD's current implementation).

Ref: 
https://www.samba.org/samba/security/CVE-2018-16860.html
https://www.cvedetails.com/cve/CVE-2019-12098/  CVE score 5.8