Source: heimdal
Version: 7.7.0+dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 7.5.0+dfsg-3

Hi,

The following vulnerability was published for heimdal.

CVE-2021-3671[0]:
| A null pointer de-reference was found in the way samba kerberos server
| handled missing sname in TGS-REQ (Ticket Granting Server - Request).
| An authenticated user could use this flaw to crash the samba server.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3671
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
[1] https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
[2] https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a

Regards,
Salvatore