0.9.17

@dmulder dmulder released this 26 Jun 16:52
· 1455 commits to main since this release
4a97692

Security Fix

  • Offline Hello PIN Authentication Bypass (CVE-2025-53013): This release addresses a critical vulnerability where an attacker with physical access to an offline host could authenticate to any user account using an invalid Linux Hello PIN. This issue was introduced in Himmelblau 0.9.10 (April 21, 2025 release). While Single Sign-On (SSO) would fail due to the network being down, local system access was granted. This vulnerability does not affect Rocky Linux 8 and variants.
    • Workaround: Users unable to upgrade immediately can mitigate this vulnerability by disabling Hello PIN authentication. Set enable_hello = false in /etc/himmelblau/himmelblau.conf.
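A host-triage check for the advisory above, as an added example that is not part of the Himmelblau project or its release notes: it classifies a host from its installed version and the text of its himmelblau.conf. The function names, the sample configs and the INI parsing rules (including treating a missing enable_hello key as enabled) are assumptions; the Rocky Linux 8 exception is not modelled.

```python
import re

# Range taken from the advisory text: introduced in 0.9.10, fixed in 0.9.17.
INTRODUCED = (0, 9, 10)
FIXED = (0, 9, 17)

def parse_version(text):
    """Parse 'X.Y.Z' (any suffix ignored) into a tuple of ints."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def hello_disabled(conf_text):
    """True only if the last active enable_hello line is exactly 'false'.

    Assumptions: INI-style 'key = value' lines, '#' or ';' start a comment
    line, and a missing key means Hello stays enabled. Anything other than a
    clean 'false' is reported as enabled so the check fails closed.
    """
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue  # blank line, comment line or section header
        key, sep, val = line.partition("=")
        if sep and key.strip() == "enable_hello":
            value = val.strip().lower()
    return value == "false"

def assess(version_text, conf_text):
    """Classify a host as 'unknown', 'not-affected', 'mitigated' or 'exposed'."""
    version = parse_version(version_text)
    if version[:2] != (0, 9):
        return "unknown"  # the advisory only describes the 0.9.x line
    if not (INTRODUCED <= version < FIXED):
        return "not-affected"
    return "mitigated" if hello_disabled(conf_text) else "exposed"

# Constructed sample configs (not taken from a real host).
COMMENTED_OUT = "[global]\ndomains = example.com\n# enable_hello = false\n"
WORKAROUND = "[global]\ndomains = example.com\nenable_hello = false\n"

if __name__ == "__main__":
    for ver, conf in [("0.9.16", COMMENTED_OUT), ("0.9.16", WORKAROUND),
                      ("0.9.9", COMMENTED_OUT), ("0.9.17", COMMENTED_OUT)]:
        print(ver, assess(ver, conf))
```

A commented-out workaround line is reported as exposed, which is the case most likely to be missed when reviewing configs by eye.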

Select the packages for your distribution here: https://himmelblau-idm.org/downloads.html

Full Changelog: 0.9.16...0.9.17