[Bug 276775] security/heimdal: Update to 7.8 or newer version
Date: Fri, 02 Feb 2024 08:43:32 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276775

    Bug ID: 276775
    Summary: security/heimdal: Update to 7.8 or newer version
    Product: Ports & Packages
    Version: Latest
    Hardware: Any
    OS: Any
    Status: New
    Severity: Affects Many People
    Priority: ---
    Component: Individual Port(s)
    Assignee: hrs@FreeBSD.org
    Reporter: thresh416@outlook.com
    Assignee: hrs@FreeBSD.org
    Flags: maintainer-feedback?(hrs@FreeBSD.org)

CVE-2020-10188 is a security vulnerability in telnetd. As
https://github.com/freebsd/freebsd-src/commit/5760cb266e0ab04c221c2acdb4b6c4c141130ecd
said, FreeBSD has fixed this CVE in contrib/telnet/telnetd/utility.c.

However, I've found that heimdal, which is used in ravynos to encrypt and
decrypt, also uses telnetd. That is to say, FreeBSD may still contain this
security vulnerability, which will result in arbitrary code execution. The
file which contains the vulnerable functions is
crypto/heimdal/appl/telnet/telnetd/utility.c.

Updating heimdal to 7.8 or a newer version may help to solve this, since
heimdal has already removed telnet support in
https://github.com/heimdal/heimdal/commit/e55b0d0ca5038a8101276a593ffbb6be4c27c8d0.

--
You are receiving this mail because:
You are the assignee for the bug.