ELSA-2023-3097 - gssntlmssp security update
Type: | SECURITY |
Severity: | MODERATE |
Release Date: | 2023-05-24 |
Description
[1.2.0-1]
- New release 1.2.0
- Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields
- Fix CVE-2023-25564: memory corruption when decoding UTF16 strings
- Fix CVE-2023-25565: incorrect free when decoding target information
- Fix CVE-2023-25566: memory leak when parsing usernames
- Fix CVE-2023-25567: out-of-bounds read when decoding target information
- Resolves: rhbz#2181313
Related CVEs
Updated Packages
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
Oracle Linux 8 (aarch64) | gssntlmssp-1.2.0-1.el8_8.src.rpm | e264bfeecc9cb3e60e6e623e55326931 | - |
| gssntlmssp-1.2.0-1.el8_8.aarch64.rpm | e51adeee364737f3f62d28af1775df39 | - |
|
Oracle Linux 8 (x86_64) | gssntlmssp-1.2.0-1.el8_8.src.rpm | e264bfeecc9cb3e60e6e623e55326931 | - |
| gssntlmssp-1.2.0-1.el8_8.x86_64.rpm | 318d48edce48358f3dec4c65ee0d75f2 | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team