[ALSA-2023:3097] Moderate: gssntlmssp security update
Type:
security
Severity:
moderate
Release date:
2023-05-19
Description:
The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Security Fix(es): * gssntlmssp: multiple out-of-bounds read when decoding NTLM fields (CVE-2023-25563) * gssntlmssp: memory corruption when decoding UTF16 strings (CVE-2023-25564) * gssntlmssp: incorrect free when decoding target information (CVE-2023-25565) * gssntlmssp: memory leak when parsing usernames (CVE-2023-25566) * gssntlmssp: out-of-bounds read when decoding target information (CVE-2023-25567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 gssntlmssp-1.2.0-1.el8_8.aarch64.rpm 9f2b080b2c099f7beb8fe2544a74c2529b517d889cbd887653ecad6c43f6bd84
ppc64le gssntlmssp-1.2.0-1.el8_8.ppc64le.rpm b7f25c19ad978506b842396d55ddf2cfb56e259d3266cdf08c7912d2ec6f3aef
s390x gssntlmssp-1.2.0-1.el8_8.s390x.rpm 0ca5301d372ec234886f955dea22eeda07f34be9ede4e3cf9f5a48449b682025
x86_64 gssntlmssp-1.2.0-1.el8_8.x86_64.rpm 7123785ba560c693bb9bb73e2d458cc030e076d6c9bf442836782175386865fe
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.