[Secure-testing-team] Bug#868208: CVE-2017-11103: MitM attack, impersonation of the Kerberos client, know as Orpheus Lyre
Raphael Hertzog
hertzog at debian.org
Thu Jul 13 04:56:22 UTC 2017
Source: heimdal
Severity: grave
Tags: security patch
Version: 1.6~git20120403+dfsg1-2
Hi,
the following vulnerability was published for heimdal.
CVE-2017-11103[0]: MitM attack, impersonation of the Kerberos client, know as Orpheus Lyre
A dedicated website is here:
https://orpheus-lyre.info/
The heimdal patch is here:
https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
All Debian releases are affected (from wheezy to sid).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
Please adjust the affected versions in the BTS as needed.
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
More information about the Secure-testing-team
mailing list