{"affected":[{"ecosystem_specific":{"binaries":[{"libasn1-8":"7.8.0-bp154.2.4.1","libgssapi3":"7.8.0-bp154.2.4.1","libhcrypto4":"7.8.0-bp154.2.4.1","libhdb9":"7.8.0-bp154.2.4.1","libheimbase1":"7.8.0-bp154.2.4.1","libheimdal-devel":"7.8.0-bp154.2.4.1","libheimedit0":"7.8.0-bp154.2.4.1","libheimntlm0":"7.8.0-bp154.2.4.1","libhx509-5":"7.8.0-bp154.2.4.1","libkadm5clnt7":"7.8.0-bp154.2.4.1","libkadm5srv8":"7.8.0-bp154.2.4.1","libkafs0":"7.8.0-bp154.2.4.1","libkdc2":"7.8.0-bp154.2.4.1","libkrb5-26":"7.8.0-bp154.2.4.1","libotp0":"7.8.0-bp154.2.4.1","libroken18":"7.8.0-bp154.2.4.1","libsl0":"7.8.0-bp154.2.4.1","libwind0":"7.8.0-bp154.2.4.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"libheimdal","purl":"pkg:rpm/suse/libheimdal&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.8.0-bp154.2.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libasn1-8":"7.8.0-bp154.2.4.1","libgssapi3":"7.8.0-bp154.2.4.1","libhcrypto4":"7.8.0-bp154.2.4.1","libhdb9":"7.8.0-bp154.2.4.1","libheimbase1":"7.8.0-bp154.2.4.1","libheimdal-devel":"7.8.0-bp154.2.4.1","libheimedit0":"7.8.0-bp154.2.4.1","libheimntlm0":"7.8.0-bp154.2.4.1","libhx509-5":"7.8.0-bp154.2.4.1","libkadm5clnt7":"7.8.0-bp154.2.4.1","libkadm5srv8":"7.8.0-bp154.2.4.1","libkafs0":"7.8.0-bp154.2.4.1","libkdc2":"7.8.0-bp154.2.4.1","libkrb5-26":"7.8.0-bp154.2.4.1","libotp0":"7.8.0-bp154.2.4.1","libroken18":"7.8.0-bp154.2.4.1","libsl0":"7.8.0-bp154.2.4.1","libwind0":"7.8.0-bp154.2.4.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"libheimdal","purl":"pkg:rpm/opensuse/libheimdal&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.8.0-bp154.2.4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libheimdal fixes the following issues:\n\nUpdate to version 7.8.0\n\n- CVE-2022-42898 PAC parse integer overflows\n- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour\n- CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array\n- CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors\n- CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ\n- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec\n- CVE-2019-14870: Validate client attributes in protocol-transition\n","id":"openSUSE-SU-2023:0019-1","modified":"2023-01-16T08:42:44Z","published":"2023-01-16T08:42:44Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WO45C5LQHPOWEJHKWCXPWLI54XMTTYQP/"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14870"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3671"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-44758"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3437"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-41916"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-42898"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-44640"}],"related":["CVE-2019-14870","CVE-2021-3671","CVE-2021-44758","CVE-2022-3437","CVE-2022-41916","CVE-2022-42898","CVE-2022-44640"],"summary":"Security update for libheimdal","upstream":["CVE-2019-14870","CVE-2021-3671","CVE-2021-44758","CVE-2022-3437","CVE-2022-41916","CVE-2022-42898","CVE-2022-44640"]}