Date:      Fri, 02 Feb 2024 08:43:32 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 276775] security/heimdal: Update to 7.8 or newer version
Message-ID:  <bug-276775-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276775

            Bug ID: 276775
           Summary: security/heimdal: Update to 7.8 or newer version
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: hrs@FreeBSD.org
          Reporter: thresh416@outlook.com
             Flags: maintainer-feedback?(hrs@FreeBSD.org)

CVE-2020-10188 is a security vulnerability in telnetd. As
https://github.com/freebsd/freebsd-src/commit/5760cb266e0ab04c221c2acdb4b6c4c141130ecd
said, FreeBSD has fixed this CVE in contrib/telnet/telnetd/utility.c. However,
I've found that heimdal, which is used in ravynos to encrypt and decrypt,
also uses telnetd. That is to say, FreeBSD may still contain this security
vulnerability, which will result in arbitrary code execution. The file which
contains vulnerable functions is crypto/heimdal/appl/telnet/telnetd/utility.c.
Updating heimdal to 7.8 or a newer version may help to solve this, since
heimdal had already removed telnet support in
https://github.com/heimdal/heimdal/commit/e55b0d0ca5038a8101276a593ffbb6be4c27c8d0.

-- 
You are receiving this mail because:
You are the assignee for the bug.


