rpm package
opensuse/libheimdal&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/libheimdal&distro=openSUSE%20Leap%2015.0
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16860 | — | | | < 7.7.0-lp151.3.3.1 | 7.7.0-lp151.3.3.1 | Jul 31, 2019 | A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and repla |
| CVE-2019-12098 | Hig | 7.4 | | < 7.7.0-lp151.3.3.1 | 7.7.0-lp151.3.3.1 | May 15, 2019 | In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. |