openSUSE-SU-2020:0806-1

Опубликовано: 13 июн. 2020

Источник: suse-cvrf

Описание

Security update for libntlm

This update for libntlm fixes the following issues:

Update to release 1.6:

CVE-2019-17455: Fixed a buffer overflow in buildSmbNtlmAuth* function. (boo#1153669)

Список пакетов

openSUSE Leap 15.1

libntlm-devel-1.6-lp151.3.3.1

libntlm0-1.6-lp151.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7PO7Q5SGPGD6IOVLWRXG7JT6EH6C3EGX/
E-Mail link for openSUSE-SU-2020:0806-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1153669
SUSE Bug 1153669
https://www.suse.com/security/cve/CVE-2019-17455/
SUSE CVE CVE-2019-17455 page

Описание

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

Затронутые продукты

openSUSE Leap 15.1:libntlm-devel-1.6-lp151.3.3.1

openSUSE Leap 15.1:libntlm0-1.6-lp151.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-17455.html
CVE-2019-17455
https://bugzilla.suse.com/1153669
SUSE Bug 1153669

openSUSE-SU-2020:0806-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-17455

Описание

Затронутые продукты

Ссылки