Candidate: CVE-2017-6594
PublicDate: 2017-08-28 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594
Description:
 The transit path validation code in Heimdal before 7.3 might allow
 attackers to bypass the capath policy protection mechanism by leveraging
 failure to add the previous hop realm to the transit path of issued
 tickets.
Ubuntu-Description:
Notes:
 ratliff> Upstream: "[the fix] may break sites that rely on the bug."
 mdeslaur> heimdal-kdc package is in universe
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_heimdal:
 upstream: https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
Tags_heimdal: universe-binary
upstream_heimdal: released (7.1.0+dfsg-12)
precise_heimdal: ignored (reached end-of-life)
precise/esm_heimdal: ignored (end of ESM support, was needed)
trusty_heimdal: ignored (reached end-of-life)
trusty/esm_heimdal: needed
vivid/stable-phone-overlay_heimdal: ignored (reached end-of-life)
vivid/ubuntu-core_heimdal: ignored (reached end-of-life)
xenial_heimdal: ignored (end of standard support, was needed)
esm-infra/xenial_heimdal: needed
yakkety_heimdal: ignored (reached end-of-life)
zesty_heimdal: ignored (reached end-of-life)
artful_heimdal: not-affected (7.4.0.dfsg.1-2)
bionic_heimdal: not-affected (7.4.0.dfsg.1-2)
cosmic_heimdal: not-affected (7.4.0.dfsg.1-2)
disco_heimdal: not-affected (7.4.0.dfsg.1-2)
eoan_heimdal: not-affected (7.4.0.dfsg.1-2)
focal_heimdal: not-affected (7.4.0.dfsg.1-2)
groovy_heimdal: not-affected (7.4.0.dfsg.1-2)
hirsute_heimdal: not-affected (7.4.0.dfsg.1-2)
impish_heimdal: not-affected (7.4.0.dfsg.1-2)
jammy_heimdal: not-affected (7.4.0.dfsg.1-2)
devel_heimdal: not-affected (7.4.0.dfsg.1-2)