   openSUSE Security Update: Security update for gssntlmssp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0048-1
Rating:             moderate
References:         #1208278 #1208279 #1208280 #1208281 #1208282
Cross-References:   CVE-2023-25563 CVE-2023-25564 CVE-2023-25565
                    CVE-2023-25566 CVE-2023-25567
CVSS scores:
                    CVE-2023-25563 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2023-25564 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
                    CVE-2023-25565 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2023-25566 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2023-25567 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for gssntlmssp fixes the following issues:

   Update to version 1.2.0

   * Implement gss_set_cred_option.
   * Allow to gss_wrap even if NEGOTIATE_SEAL is not negotiated.
   * Move HMAC code to OpenSSL EVP API.
   * Fix crash bug when acceptor credentials are NULL.
   * Translations update from Fedora Weblate.

   Fix security issues:

   * CVE-2023-25563 (boo#1208278): multiple out-of-bounds read when decoding
     NTLM fields.
   * CVE-2023-25564 (boo#1208279): memory corruption when decoding UTF16
     strings.
   * CVE-2023-25565 (boo#1208280): incorrect free when decoding target
     information.
   * CVE-2023-25566 (boo#1208281): memory leak when parsing usernames.
   * CVE-2023-25567 (boo#1208282): out-of-bounds read when decoding target
     information.

   Update to version 1.1

   * various build fixes and better compatibility when a MIC is requested.

   Update to version 1.0

   * Fix test_gssapi_rfc5587.
   * Actually run tests with make check.
   * Add two tests around NTLMSSP_NEGOTIATE_LMKEY.
   * Refine LM compatibility level logic.
   * Refactor the gssntlm_required_security function.
   * Implement reading LM/NT hashes.
   * Add test for smpasswd-like user files.
   * Return confidentiality status.
   * Fix segfault in sign/seal functions.
   * Fix dummy signature generation.
   * Use UCS16LE instead of UCS-2LE.
   * Provide a zero lm key if the password is too long.
   * Completely omit CBs AV pairs when no CB provided.
   * Change license to the more permissive ISC.
   * Do not require cached users with winbind.
   * Add ability to pass keyfile via cred store.
   * Remove unused parts of Makefile.am.
   * Move attribute names to allocated strings.
   * Adjust serialization for name attributes.
   * Fix crash in acquiring credentials.
   * Fix fallback to external_creds interface.
   * Introduce parse_user_name() function.
   * Add test for parse_user_name.
   * Change how we assemble user names in ASC.
   * Use thread local storage for winbind context.
   * Make per thread winbind context optional.
   * Fixed memleak of usr_cred.
   * Support get_sids request via name attributes.
   * Fixed memory leaks found by valgrind.

   - Update to version 0.9

   * add support for getting session key.
   * Add gss_inquire_attrs_for_mech().
   * Return actual data for RFC5587 API.
   * Add new Windows version flags.
   * Add Key exchange also when wanting integrity only.
   * Drop support for GSS_C_MA_NOT_DFLT_MECH.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP4:

      zypper in -t patch openSUSE-2023-48=1

Package List:

   - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

      gssntlmssp-1.2.0-bp154.2.3.1
      gssntlmssp-devel-1.2.0-bp154.2.3.1

References:

   https://www.suse.com/security/cve/CVE-2023-25563.html
   https://www.suse.com/security/cve/CVE-2023-25564.html
   https://www.suse.com/security/cve/CVE-2023-25565.html
   https://www.suse.com/security/cve/CVE-2023-25566.html
   https://www.suse.com/security/cve/CVE-2023-25567.html
   https://bugzilla.suse.com/1208278
   https://bugzilla.suse.com/1208279
   https://bugzilla.suse.com/1208280
   https://bugzilla.suse.com/1208281
   https://bugzilla.suse.com/1208282