Candidate: CVE-2019-12098
PublicDate: 2019-05-15 23:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12098
 http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html
 https://github.com/heimdal/heimdal/compare/3e58559...bbafe72
 https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0
Description:
 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
Ubuntu-Description:
Notes:
 leosilva> it fails with a FTBFS on certs tests. This issue is probably related:
 leosilva> https://github.com/heimdal/heimdal/issues/533.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N [7.4 HIGH]
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N [7.4 HIGH]

Patches_heimdal:
 upstream: https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf
upstream_heimdal: needs-triage
precise/esm_heimdal: ignored (end of ESM support, was needed)
trusty_heimdal: ignored (out of standard support)
trusty/esm_heimdal: needed
xenial_heimdal: ignored (end of standard support, was needed)
esm-infra/xenial_heimdal: needed
bionic_heimdal: needed
cosmic_heimdal: ignored (reached end-of-life)
disco_heimdal: ignored (reached end-of-life)
eoan_heimdal: not-affected (7.5.0+dfsg-3build1)
focal_heimdal: not-affected (7.5.0+dfsg-3build1)
groovy_heimdal: not-affected (7.5.0+dfsg-3build1)
hirsute_heimdal: not-affected (7.5.0+dfsg-3build1)
impish_heimdal: not-affected (7.5.0+dfsg-3build1)
jammy_heimdal: not-affected (7.5.0+dfsg-3build1)
devel_heimdal: not-affected (7.5.0+dfsg-3build1)