Dear Heimdal Community,

A team consisting of staff from Two Sigma Open Source and AuriStor are
pleased to announce the release of Heimdal 7.4.

The release download page is:

The source tarball can be downloaded from:

    SHA1(heimdal-7.4.0.tar.gz)= e496db36f8a232c3b1aa87a1e08f299b6f8f57a5

The signature key fingerprint is: E659 41B7 1CF3 C459 A34F  A89C 45E7 572A 28CD 

Changes in Heimdal 7.4:


 - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

   This is a critical vulnerability.

   In _krb5_extract_ticket() the KDC-REP service name must be obtained from
   encrypted version stored in 'enc_part' instead of the unencrypted version
   stored in 'ticket'.  Use of the unecrypted version provides an
   opportunity for successful server impersonation and other attacks.

   Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

   See for more details.

   The Heimdal Release Team.

Reply via email to