Your message dated Sun, 16 Jul 2017 18:32:56 +0000
with message-id <[email protected]>
and subject line Bug#868208: fixed in heimdal 7.1.0+dfsg-13+deb9u1
has caused the Debian Bug report #868208,
regarding CVE-2017-11103: MitM attack, impersonation of the Kerberos client, 
known as Orpheus Lyre
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
868208: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868208
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: heimdal
Severity: grave
Tags: security patch
Version: 1.6~git20120403+dfsg1-2

Hi,

the following vulnerability was published for heimdal.

CVE-2017-11103[0]: MitM attack, impersonation of the Kerberos client, known as
Orpheus Lyre

A dedicated website is here:
https://orpheus-lyre.info/

The heimdal patch is here:
https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea

All Debian releases are affected (from wheezy to sid).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11103
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103

Please adjust the affected versions in the BTS as needed.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

--- End Message ---
--- Begin Message ---
Source: heimdal
Source-Version: 7.1.0+dfsg-13+deb9u1

We believe that the bug you reported is fixed in the latest version of
heimdal, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated heimdal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 16 Jul 2017 09:41:52 +0200
Source: heimdal
Binary: heimdal-docs heimdal-kdc heimdal-multidev heimdal-dev heimdal-clients 
heimdal-kcm heimdal-servers heimdal-dbg libheimbase1-heimdal libasn1-8-heimdal 
libkrb5-26-heimdal libhdb9-heimdal libkadm5srv8-heimdal libkadm5clnt7-heimdal 
libgssapi3-heimdal libkafs0-heimdal libroken18-heimdal libotp0-heimdal 
libsl0-heimdal libkdc2-heimdal libhx509-5-heimdal libheimntlm0-heimdal 
libwind0-heimdal libhcrypto4-heimdal
Architecture: source
Version: 7.1.0+dfsg-13+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Brian May <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 868208
Description: 
 heimdal-clients - Heimdal Kerberos - clients
 heimdal-dbg - Heimdal Kerberos - debugging symbols
 heimdal-dev - Heimdal Kerberos - development files
 heimdal-docs - Heimdal Kerberos - documentation
 heimdal-kcm - Heimdal Kerberos - KCM daemon
 heimdal-kdc - Heimdal Kerberos - key distribution center (KDC)
 heimdal-multidev - Heimdal Kerberos - Multi-implementation Development
 heimdal-servers - Heimdal Kerberos - server programs
 libasn1-8-heimdal - Heimdal Kerberos - ASN.1 library
 libgssapi3-heimdal - Heimdal Kerberos - GSSAPI support library
 libhcrypto4-heimdal - Heimdal Kerberos - crypto library
 libhdb9-heimdal - Heimdal Kerberos - kadmin server library
 libheimbase1-heimdal - Heimdal Kerberos - Base library
 libheimntlm0-heimdal - Heimdal Kerberos - NTLM support library
 libhx509-5-heimdal - Heimdal Kerberos - X509 support library
 libkadm5clnt7-heimdal - Heimdal Kerberos - kadmin client library
 libkadm5srv8-heimdal - Libraries for Heimdal Kerberos
 libkafs0-heimdal - Heimdal Kerberos - KAFS support library
 libkdc2-heimdal - Heimdal Kerberos - KDC support library
 libkrb5-26-heimdal - Heimdal Kerberos - libraries
 libotp0-heimdal - Heimdal Kerberos - OTP support library
 libroken18-heimdal - Heimdal Kerberos - roken support library
 libsl0-heimdal - Heimdal Kerberos - SL support library
 libwind0-heimdal - Heimdal Kerberos - stringprep implementation
Changes:
 heimdal (7.1.0+dfsg-13+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
     (Closes: #868208)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
