ELSA-2023-3097

ELSA-2023-3097 - gssntlmssp security update

Type:SECURITY
Severity:MODERATE
Release Date:2023-05-24

Description


[1.2.0-1]
- New release 1.2.0
- Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields
- Fix CVE-2023-25564: memory corruption when decoding UTF16 strings
- Fix CVE-2023-25565: incorrect free when decoding target information
- Fix CVE-2023-25566: memory leak when parsing usernames
- Fix CVE-2023-25567: out-of-bounds read when decoding target information
- Resolves: rhbz#2181313


Related CVEs


CVE-2023-25564
CVE-2023-25563
CVE-2023-25565
CVE-2023-25566
CVE-2023-25567

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) gssntlmssp-1.2.0-1.el8_8.src.rpme264bfeecc9cb3e60e6e623e55326931-
gssntlmssp-1.2.0-1.el8_8.aarch64.rpme51adeee364737f3f62d28af1775df39-
Oracle Linux 8 (x86_64) gssntlmssp-1.2.0-1.el8_8.src.rpme264bfeecc9cb3e60e6e623e55326931-
gssntlmssp-1.2.0-1.el8_8.x86_64.rpm318d48edce48358f3dec4c65ee0d75f2-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete