From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200404-09.xml | 58 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 metadata/glsa/glsa-200404-09.xml (limited to 'metadata/glsa/glsa-200404-09.xml') diff --git a/metadata/glsa/glsa-200404-09.xml b/metadata/glsa/glsa-200404-09.xml new file mode 100644 index 000000000000..ae644470e378 --- /dev/null +++ b/metadata/glsa/glsa-200404-09.xml @@ -0,0 +1,58 @@ + + + + Cross-realm trust vulnerability in Heimdal + + Heimdal contains cross-realm vulnerability allowing someone with control + over a realm to impersonate anyone in the cross-realm trust path. + + heimdal + 2004-04-09 + 2004-04-09: 01 + 46590 + local + + + 0.6.1 + 0.6.0 + + + +

+ Heimdal is a free implementation of Kerberos 5. +

+ + +

+ Heimdal does not properly perform certain consistency checks for + cross-realm requests, which allows remote attackers with control of a realm + to impersonate others in the cross-realm trust path. +

+ + +

+ Remote attackers with control of a realm may be able to impersonate other + users in the cross-realm trust path. +

+ + +

+ A workaround is not currently known for this issue. All users are advised + to upgrade to the latest version of the affected package. +

+ + +

+ Heimdal users should upgrade to version 0.6.1 or later: +

+ + # emerge sync + + # emerge -pv ">=app-crypt/heimdal-0.6.1" + # emerge ">=app-crypt/heimdal-0.6.1" + + + CVE + + klieber + -- cgit v1.2.3