{"affected":[{"ecosystem_specific":{"binaries":[{"gssntlmssp":"1.2.0-bp154.2.3.1","gssntlmssp-devel":"1.2.0-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"gssntlmssp","purl":"pkg:rpm/suse/gssntlmssp&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.0-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gssntlmssp":"1.2.0-bp154.2.3.1","gssntlmssp-devel":"1.2.0-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"gssntlmssp","purl":"pkg:rpm/opensuse/gssntlmssp&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.0-bp154.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for gssntlmssp fixes the following issues:\n\nUpdate to version 1.2.0\n\n* Implement gss_set_cred_option.\n* Allow to gss_wrap even if NEGOTIATE_SEAL is not negotiated.\n* Move HMAC code to OpenSSL EVP API.\n* Fix crash bug when acceptor credentials are NULL.\n* Translations update from Fedora Weblate.\n\nFix security issues:\n\n* CVE-2023-25563 (boo#1208278): multiple out-of-bounds read when decoding NTLM fields.\n* CVE-2023-25564 (boo#1208279): memory corruption when decoding UTF16 strings.\n* CVE-2023-25565 (boo#1208280): incorrect free when decoding target information.\n* CVE-2023-25566 (boo#1208281): memory leak when parsing usernames.\n* CVE-2023-25567 (boo#1208282): out-of-bounds read when decoding target information.\n\nUpdate to version 1.1\n\n* various build fixes and better compatibility when a MIC is\n  requested.\n\nUpdate to version 1.0\n\n* Fix test_gssapi_rfc5587.\n* Actually run tests with make check.\n* Add two tests around NTLMSSP_NEGOTIATE_LMKEY.\n* Refine LM compatibility level logic.\n* Refactor the gssntlm_required_security function.\n* Implement reading LM/NT hashes.\n* Add test for smpasswd-like user files.\n* Return confidentiality status.\n* Fix segfault in sign/seal functions.\n* Fix dummy signature generation.\n* Use UCS16LE instead of UCS-2LE.\n* Provide a zero lm key if the password is too long.\n* Completely omit CBs AV pairs when no CB provided.\n* Change license to the more permissive ISC.\n* Do not require cached users with winbind.\n* Add ability to pass keyfile via cred store.\n* Remove unused parts of Makefile.am.\n* Move attribute names to allocated strings.\n* Adjust serialization for name attributes.\n* Fix crash in acquiring credentials.\n* Fix fallback to external_creds interface.\n* Introduce parse_user_name() function.\n* Add test for parse_user_name.\n* Change how we assemble user names in ASC.\n* Use thread local storage for winbind context.\n* Make per thread winbind context optional.\n* Fixed memleak of usr_cred.\n* Support get_sids request via name attributes.\n* Fixed memory leaks found by valgrind.\n- Update to version 0.9\n* add support for getting session key.\n* Add gss_inquire_attrs_for_mech().\n* Return actual data for RFC5587 API.\n* Add new Windows version flags.\n* Add Key exchange also when wanting integrity only.\n* Drop support for GSS_C_MA_NOT_DFLT_MECH.\n","id":"openSUSE-SU-2023:0048-1","modified":"2023-02-18T15:01:17Z","published":"2023-02-18T15:01:17Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WXCOTOTL4ZIZB65QEGM65YZZILOED4A3/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208278"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208279"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208280"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208281"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208282"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-25563"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-25564"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-25565"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-25566"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-25567"}],"related":["CVE-2023-25563","CVE-2023-25564","CVE-2023-25565","CVE-2023-25566","CVE-2023-25567"],"summary":"Security update for gssntlmssp","upstream":["CVE-2023-25563","CVE-2023-25564","CVE-2023-25565","CVE-2023-25566","CVE-2023-25567"]}