Date: Mon, 17 Jun 2019 02:02:50 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 238635] security/heimdal update to 7.6 and 7.7 addresses two CVEs plus bugfixes.
Message-ID: <bug-238635-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238635

Bug ID: 238635
Summary: security/heimdal update to 7.6 and 7.7 addresses two CVEs plus bugfixes.
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: dewayne@heuristicsystems.com.au

Heimdal 7.7.0 continues to address shortcomings and performance improvements that were identified in heimdal 7.6.0.

Heimdal 7.6.0 addresses various bug fixes including two CVEs, which both enable MITM while using PKINIT:
CVE-2018-16860
CVE-2019-12098

In addition, support for anonymous TGS-req and AS-req is fixed.

These vulnerabilities exist in heimdal from version 0.8 to 7.5.0 (FreeBSD's current implementation).

Ref:
https://www.samba.org/samba/security/CVE-2018-16860.html
https://www.cvedetails.com/cve/CVE-2019-12098/ CVE score 5.8

--
You are receiving this mail because:
You are the assignee for the bug.