Advisory ROSA-SA-2024-2419

software: heimdal 7.8.0
WASP: ROSA-CHROME

package_evr_string: heimdal-7.8.0-1

CVE-ID: CVE-2021-44758
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: heimdal allowed attackers to cause null pointer dereferencing in the SPNEGO receiver via the preferred_mech_type GSS_C_NO_OID and a non-zero initial_response value for send_accept.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update heimdal

CVE-ID: CVE-2022-41916
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Vulnerable to denial of service in the Heimdal PKI certificate validation library affecting KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications that use libhx509 Heimdal. There are no known solutions to this problem.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update heimdal

CVE-ID: CVE-2022-42898
BDU-ID: 2022-06933
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the PAC (Privileged Attribute Certificate) parameters of the krb5_parse_pac function of the Heimdal and MIT Kerberos packets of the Samba networking program is related to a stack-based buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update heimdal

CVE-ID: CVE-2022-44640
BDU-ID: None
CVE-Crit: CRITICAL.
CVE-DESC.: Heimdal allows remote attackers to execute arbitrary code due to invalid free code in the ASN.1 codec used by the Key Distribution Center (KDC).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update heimdal