[Bug 238635] security/heimdal update to 7.6 and 7.7 addresses two CVEs plus bugfixes.

bugzilla-noreply at freebsd.org
Mon Jun 17 02:02:55 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238635

            Bug ID: 238635
           Summary: security/heimdal update to 7.6 and 7.7 addresses two
                    CVEs plus bugfixes.
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs at FreeBSD.org
          Reporter: dewayne at heuristicsystems.com.au

Heimdal 7.7.0 continues to address shortcomings and performance improvements
that were identified in heimdal 7.6.0.

Heimdal 7.6.0 addresses various bug fixes including two CVEs, which both
enable MITM while using PKINIT:
CVE-2018-16860
CVE-2019-12098
In addition, support for anonymous TGS-req and AS-req is fixed.

These vulnerabilities exist in heimdal from version 0.8 to 7.5.0 (FreeBSD's
current implementation).

Ref: 
https://www.samba.org/samba/security/CVE-2018-16860.html
https://www.cvedetails.com/cve/CVE-2019-12098/  CVE score 5.8
