Advisories ยป MGASA-2020-0219

Updated libntlm packages fix security vulnerability

Publication date: 24 May 2020
Modification date: 24 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-17455

Description

Updated libntlm packages fix security vulnerability:

It was discovered that libntlm through 1.5 relies on a fixed buffer size
for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse
read and write operations, as demonstrated by a stack-based buffer
over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM
request (CVE-2019-17455).

References

SRPMS

7/core