cf-buildpacks-eng released this Jul 14, 2017 · 123 commits to master since this release

Notably, this release addresses:

Ubuntu Security Notice USN-3353-1:

  • CVE-2017-11103: Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
-ii  libasn1-8-heimdal:amd64    1.6~git20131207+dfsg-1ubuntu1.1  amd64  Heimdal Kerberos - ASN.1 library
+ii  libasn1-8-heimdal:amd64    1.6~git20131207+dfsg-1ubuntu1.2  amd64  Heimdal Kerberos - ASN.1 library
-ii  libgssapi3-heimdal:amd64   1.6~git20131207+dfsg-1ubuntu1.1  amd64  Heimdal Kerberos - GSSAPI support library
+ii  libgssapi3-heimdal:amd64   1.6~git20131207+dfsg-1ubuntu1.2  amd64  Heimdal Kerberos - GSSAPI support library
-ii  libhcrypto4-heimdal:amd64  1.6~git20131207+dfsg-1ubuntu1.1  amd64  Heimdal Kerberos - crypto library
-ii  libheimbase1-heimdal:amd64 1.6~git20131207+dfsg-1ubuntu1.1  amd64  Heimdal Kerberos - Base library
-ii  libheimntlm0-heimdal:amd64 1.6~git20131207+dfsg-1ubuntu1.1  amd64  Heimdal Kerberos - NTLM support library
-ii  libhx509-5-heimdal:amd64   1.6~git20131207+dfsg-1ubuntu1.1  amd64  Heimdal Kerberos - X509 support library
+ii  libhcrypto4-heimdal:amd64  1.6~git20131207+dfsg-1ubuntu1.2  amd64  Heimdal Kerberos - crypto library
+ii  libheimbase1-heimdal:amd64 1.6~git20131207+dfsg-1ubuntu1.2  amd64  Heimdal Kerberos - Base library
+ii  libheimntlm0-heimdal:amd64 1.6~git20131207+dfsg-1ubuntu1.2  amd64  Heimdal Kerberos - NTLM support library
+ii  libhx509-5-heimdal:amd64   1.6~git20131207+dfsg-1ubuntu1.2  amd64  Heimdal Kerberos - X509 support library
-ii  libkrb5-26-heimdal:amd64   1.6~git20131207+dfsg-1ubuntu1.1  amd64  Heimdal Kerberos - libraries
+ii  libkrb5-26-heimdal:amd64   1.6~git20131207+dfsg-1ubuntu1.2  amd64  Heimdal Kerberos - libraries
-ii  libroken18-heimdal:amd64   1.6~git20131207+dfsg-1ubuntu1.1  amd64  Heimdal Kerberos - roken support library
+ii  libroken18-heimdal:amd64   1.6~git20131207+dfsg-1ubuntu1.2  amd64  Heimdal Kerberos - roken support library
-ii  libwind0-heimdal:amd64     1.6~git20131207+dfsg-1ubuntu1.1  amd64  Heimdal Kerberos - stringprep implementation
+ii  libwind0-heimdal:amd64     1.6~git20131207+dfsg-1ubuntu1.2  amd64  Heimdal Kerberos - stringprep implementation