Updated gssntlmssp packages fix security vulnerability
Publication date: 24 Mar 2023Modification date: 24 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25563 , CVE-2023-25564 , CVE-2023-25565 , CVE-2023-25566 , CVE-2023-25567
Description
Multiple out-of-bounds read when decoding NTLM fields. (CVE-2023-25563)
Memory corruption when decoding UTF16 strings. (CVE-2023-25564)
Incorrect free when decoding target information. (CVE-2023-25565)
Memory leak when parsing usernames. (CVE-2023-25566)
Out-of-bounds read when decoding target information. (CVE-2023-25567)
References
- https://bugs.mageia.org/show_bug.cgi?id=31574
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WXCOTOTL4ZIZB65QEGM65YZZILOED4A3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25563
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25564
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25566
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25567
SRPMS
8/core
- gssntlmssp-1.2.0-1.mga8