Posted on March 6

Debian: CVE-2022-45142: heimdal -- security update

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 02/10/2023
Created: 02/11/2023
Added: 02/10/2023
Modified: 01/30/2025

Description

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.

Solution(s)

debian-upgrade-heimdal

References

https://attackerkb.com/topics/cve-2022-45142
CVE - 2022-45142
DLA-3311-1
DSA-5344-1
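The bug class named in the Description, shown as an added C example that is not Heimdal's code: a constant-time compare whose result is tested with "!= 0", next to the same check with its sense inverted, plus a regression check that exercises both the accept and the reject path. All function names, the return convention and the sample MIC bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constant-time compare (hypothetical helper): 0 if equal, nonzero if not. */
static int ct_compare(const void *a, const void *b, size_t n)
{
    const unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);   /* no early exit */
    return diff;
}

/* Intended check: 0 = MIC valid, -1 = reject (return convention assumed). */
static int verify_mic_correct(const unsigned char *calc, const unsigned char *recv, size_t n)
{
    return ct_compare(calc, recv, n) != 0 ? -1 : 0;
}

/* Inverted sense, illustrating the bug class: rejects the genuine MIC
 * and accepts every MIC that does not match. */
static int verify_mic_inverted(const unsigned char *calc, const unsigned char *recv, size_t n)
{
    return ct_compare(calc, recv, n) == 0 ? -1 : 0;
}

typedef int (*verify_fn)(const unsigned char *, const unsigned char *, size_t);

/* Regression check: accept the matching MIC, reject every single-bit change. */
static int verifier_is_sound(verify_fn verify)
{
    const unsigned char mic[8] = {0x3a, 0x91, 0x07, 0xc4, 0x5e, 0xb2, 0x68, 0x1f}; /* constructed */
    unsigned char tampered[8];
    if (verify(mic, mic, sizeof mic) != 0)
        return 0;
    for (size_t bit = 0; bit < 8 * sizeof mic; bit++) {
        memcpy(tampered, mic, sizeof mic);
        tampered[bit / 8] ^= (unsigned char)(1u << (bit % 8));
        if (verify(mic, tampered, sizeof mic) == 0)
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("correct:  %s\n", verifier_is_sound(verify_mic_correct) ? "sound" : "BROKEN");
    printf("inverted: %s\n", verifier_is_sound(verify_mic_inverted) ? "sound" : "BROKEN");
    return 0;
}
```

A test suite that covers only one direction of the comparison can miss an inversion introduced during a backport; checking acceptance and rejection together catches it.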