Summary: | <app-crypt/heimdal-7.4.0: Orpheus' Lyre KDC-REP service name validation | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | john_r_graham, kerberos, samba |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: | app-crypt/heimdal-7.4.0 | ||
Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2017-07-12 11:55:37 UTC
Arches, please test and mark stable
=app-crypt/heimdal-7.4.0
Thank you.

@samba: Can you please comment on whether we're affected by samba embedding, cf. comment 1 (i.e. whether we unbundle heimdal and use system libraries)? If we embed it in any form please clone this bug and create a tracker.

The Samba Security Announcement states:

    Samba versions built against MIT Kerberos are not impacted. Unless
    you are running Samba as an AD DC, then rebuild samba using:

    ./configure --with-system-mitkrb5.

Our in-tree ebuilds do appear to already use this configure option.

(In reply to John R. Graham from comment #4)
> The Samba Security Announcement states:
>
> Samba versions built against MIT Kerberos are not impacted. Unless
> you are running Samba as an AD DC, then rebuild samba using:
>
> ./configure --with-system-mitkrb5.
>
> Our in-tree ebuilds do appear to already use this configure option.

Thank you for the confirmation

Stable on alpha.

(In reply to Tobias Klausmann from comment #6)
> Stable on alpha.

Bullshit.

Amd64 stable.

ia64 stable

Stable on alpha.

arm stable

x86 stable

sparc was dropped to exp.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9

ppc/ppc64 stable

ohhhhhhhhhh HPPA....

hppa stable

GLSA Vote: No

Maintainer(s), please clean the vulnerable versions.

cleanup done

Thank you all