OPENSUSE-SU-2023:0019-1
Advisory lineage Upstream: 7 Downstream: 0
Published: 16 Jan 2023, 08:42
Last modified: 04 Feb 2026, 03:44
Vulnerability Summary
Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
- 16 Jan 2023, 08:42: Published (vulnerability first disclosed)
- 04 Feb 2026, 03:44: Last Modified (vulnerability information updated)
Description
Security update for libheimdal

This update for libheimdal fixes the following issues:

Update to version 7.8.0

- CVE-2022-42898 PAC parse integer overflows
- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
- CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
- CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors
- CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
- CVE-2019-14870: Validate client attributes in protocol-transition
Affected Systems
- opensuse libheimdal (distro: openSUSE Leap 15.4): versions < 7.8.0-bp154.2.4.1
- suse libheimdal (distro: SUSE Package Hub 15 SP4): versions < 7.8.0-bp154.2.4.1
References (8)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WO45C5LQHPOWEJHKWCXPWLI54XMTTYQP/
- https://www.suse.com/security/cve/CVE-2019-14870
- https://www.suse.com/security/cve/CVE-2021-3671
- https://www.suse.com/security/cve/CVE-2021-44758
- https://www.suse.com/security/cve/CVE-2022-3437
- https://www.suse.com/security/cve/CVE-2022-41916
- https://www.suse.com/security/cve/CVE-2022-42898
- https://www.suse.com/security/cve/CVE-2022-44640