Helmut Grohne discovered a flaw in Heimdal, an implementation of
Kerberos 5 that aims to be compatible with MIT Kerberos. The backports
of fixes for CVE-2022-3437 accidentally inverted important memory
comparisons in the arcfour-hmac-md5 and rc4-hmac integrity check
handlers for gssapi, resulting in incorrect validation of message
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your heimdal packages.