Bug 13858

Please patch CVEs for package heimdal version 7.7.0
  
INFO (CVEs are): heimdal 7.7.0
 cves found
CVE-2021-44758
Desc: Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-44758
Severity: HIGH
CVE-2022-41916
Desc: Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-41916
Severity: HIGH
CVE-2022-42898
Desc: PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-42898
Severity: HIGH
CVE-2022-44640
Desc: Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-44640
Severity: CRITICAL