USN-3353-1: Heimdal vulnerability

Releases

• Ubuntu 17.04
• Ubuntu 16.10
• Ubuntu 16.04 ESM
• Ubuntu 14.04 ESM

Packages

• heimdal - Heimdal Kerberos Network Authentication Protocol

Details

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered
that Heimdal clients incorrectly trusted unauthenticated portions
of Kerberos tickets. A remote attacker could use this to impersonate
trusted network services or perform other attacks.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.04

• libkrb5-26-heimdal - 7.1.0+dfsg-9ubuntu1.1

Ubuntu 16.10

• libkrb5-26-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.10.1

Ubuntu 16.04

• libkrb5-26-heimdal - 1.7~git20150920+dfsg-4ubuntu1.16.04.1

Ubuntu 14.04

• libkrb5-26-heimdal - 1.6~git20131207+dfsg-1ubuntu1.2

After a standard system update you need to restart any applications
using Heimdal libraries to make all the necessary changes.

References

• CVE-2017-11103

Related notices

• USN-3353-4: libsmbclient, samba
• USN-3353-3: heimdal, libkrb5-26-heimdal
• USN-3353-2: ctdb, libnss-winbind, libwbclient0, samba-libs, libpam-smbpass, libpam-winbind, samba-common, samba-vfs-modules, libsmbclient-dev, smbclient, libparse-pidl-perl, samba-common-bin, samba-dsdb-modules, samba-testsuite, winbind, samba-dev, samba-doc, libsmbclient, libwbclient-dev, samba, python-samba, registry-tools, libsmbsharemodes0, libsmbsharemodes-dev