Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
217

Oracle Linux 8 Advisory ELSA-2023-3097 Moderate: Gssntlmssp Security Fix

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-3097 https://linux.oracle.com/errata/ELSA-2023-3097.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gssntlmssp-1.2.0-1.el8_8.x86_64.rpm aarch64: gssntlmssp-1.2.0-1.el8_8.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates//gssntlmssp-1.2.0-1.el8_8.src.rpm Related CVEs: CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 Description of changes: [1.2.0-1] - New release 1.2.0 - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix CVE-2023-25565: incorrect free when decoding target information - Fix CVE-2023-25566: memory leak when parsing usernames - Fix CVE-2023-25567: out-of-bounds read when decoding target information - Resolves: rhbz#2181313 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Debian GNU/Linux 11 gssntlmssp gets a significant security patch addressing several vulnerabilities. Discover the details here.. Oracle Linux Update, Security Fix, gssntlmssp, Moderate Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 26, 2023 Important Oracle
98

Red Hat 8: RHSA-2023-3097-01 Moderate: gssntlmssp Authentication Issue

An update for gssntlmssp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: gssntlmssp security update Advisory ID: RHSA-2023:3097-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:3097 Issue date: 2023-05-16 CVE Names: CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 ==================================================================== 1. Summary: An update for gssntlmssp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Security Fix(es): * gssntlmssp: multiple out-of-bounds read when decoding NTLM fields (CVE-2023-25563) * gssntlmssp: memory corruption when decoding UTF16 strings (CVE-2023-25564) * gssntlmssp: incorrect free when decoding target information (CVE-2023-25565) * gssntlmssp: memory leak when parsing usernames (CVE-2023-25566) * gssntlmssp: out-of-bounds read when decoding target information (CVE-2023-25567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2172019 - CVE-2023-25563 gssntlmssp: multiple out-of-bounds read when decoding NTLM fields 2172020 - CVE-2023-25564 gssntlmssp: memory corruption when decoding UTF16 strings 2172021 - CVE-2023-25565 gssntlmssp: incorrect free when decoding target information 2172022 - CVE-2023-25566 gssntlmssp: memory leak when parsing usernames 2172023 - CVE-2023-25567 gssntlmssp: out-of-bounds read when decoding target information 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: gssntlmssp-1.2.0-1.el8_8.src.rpm aarch64: gssntlmssp-1.2.0-1.el8_8.aarch64.rpm gssntlmssp-debuginfo-1.2.0-1.el8_8.aarch64.rpm gssntlmssp-debugsource-1.2.0-1.el8_8.aarch64.rpm ppc64le: gssntlmssp-1.2.0-1.el8_8.ppc64le.rpm gssntlmssp-debuginfo-1.2.0-1.el8_8.ppc64le.rpm gssntlmssp-debugsource-1.2.0-1.el8_8.ppc64le.rpm s390x: gssntlmssp-1.2.0-1.el8_8.s390x.rpm gssntlmssp-debuginfo-1.2.0-1.el8_8.s390x.rpm gssntlmssp-debugsource-1.2.0-1.el8_8.s390x.rpm x86_64: gssntlmssp-1.2.0-1.el8_8.x86_64.rpm gssntlmssp-debuginfo-1.2.0-1.el8_8.x86_64.rpm gssntlmssp-debugsource-1.2.0-1.el8_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-25563 https://access.redhat.com/security/cve/CVE-2023-25564 https://access.redhat.com/security/cve/CVE-2023-25565 https://access.redhat.com/security/cve/CVE-2023-25566 https://access.redhat.com/security/cve/CVE-2023-25567 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version:GnuPG v1 iQIVAwUBZGNwpNzjgjWX9erEAQjhaA//fxlq/Nag7VoFfE1Y5XCdKkIvvZzUZyBu AuzLCsBmfy9IFUIDHcS/EXiLDD56l045V7jstindFbCJGyyh/HGCgV2pXTG4VZYc hAGGI2jqAvIKMfuSPfS4iP3u6iWBE8HIalfFzlfgKKn/mLU+EUNhsc+Vld4D9/qx XuyckvMP/OqhIdN7q5hzYRYWBpnmv9Q4oOQKHPcncanlYiVRw8nf8hGZdeOonFnP 187jWDG1djdJ9a4QUcc94aNJ3v2ySb1xIAdtHc1MZLLjtXg5XMmoTujN0Ihs10E2 MgU0eveLoaD69vHeIpgaA7bXydSEYAIiXwkCQkcU06za1y7pmTMIPgscaLdu9HGs kW0YvLRlEh1liOUb/GSutqKf7Z/xW8n1P/eOtjghJRpVK+g5p1LpFiVm0Fa8+Kvq hJb9LchDsq8b6ATzBtF7AICq2VRHuSvQK/DEM3D6lf2N6tcnP5aKHqtoMKyaJXi1 k/O/KWXTTHFpRUM5gp1R5GeL1V6uapgt6hlLK2/bHB9lC079njD5Sp5jdBvuIqNf +LdeBm7nVZVam7t91ycqU3kOF8Doy6x3Pt3T9tV7qkggcq+nogTUmoH0T/QaFpI/ JQPTDVY0rmCeuJgUYS3EYYg8wLG9bDTybD+L32XRp6XMXZcTAVrasyRXvpQmHuaG KCYRZky/tys=EfT0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat has released a moderate severity advisory for gssntlmssp updates, addressing vulnerabilities in the GSS-NTLMSSP mechanism for Linux systems.. gssntlmssp update, Red Hat Enterprise, security patch, software improvement. . LinuxSecurity.com Team

Calendar%202 May 16, 2023 Red Hat
203

Mageia 8 MGASA-2023-0108 Moderate: gssntlmssp Memory Issues

Multiple out-of-bounds read when decoding NTLM fields. (CVE-2023-25563) Memory corruption when decoding UTF16 strings. (CVE-2023-25564) Incorrect free when decoding target information. (CVE-2023-25565) Memory leak when parsing usernames. (CVE-2023-25566) Out-of-bounds read when decoding target information. (CVE-2023-25567) . MGASA-2023-0108 - Updated gssntlmssp packages fix security vulnerability Publication date: 24 Mar 2023 URL: https://advisories.mageia.org/MGASA-2023-0108.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-25563, CVE-2023-25564, CVE-2023-25565, CVE-2023-25566, CVE-2023-25567 Multiple out-of-bounds read when decoding NTLM fields. (CVE-2023-25563) Memory corruption when decoding UTF16 strings. (CVE-2023-25564) Incorrect free when decoding target information. (CVE-2023-25565) Memory leak when parsing usernames. (CVE-2023-25566) Out-of-bounds read when decoding target information. (CVE-2023-25567) References: - https://bugs.mageia.org/show_bug.cgi?id=31574 - - https://www.cve.org/CVERecord?id=CVE-2023-25563 - https://www.cve.org/CVERecord?id=CVE-2023-25564 - https://www.cve.org/CVERecord?id=CVE-2023-25565 - https://www.cve.org/CVERecord?id=CVE-2023-25566 - https://www.cve.org/CVERecord?id=CVE-2023-25567 SRPMS: - 8/core/gssntlmssp-1.2.0-1.mga8 . MGASA-2023-0109 upgrades libssh packages to address several vulnerabilities disclosed on 30 Mar 2023.. Gssntlmssp Update, Mageia 8 Security, Memory Error Fix, Security Flaw Resolution. . LinuxSecurity.com Team

Calendar%202 Mar 24, 2023 Mageia
89

Fedora 37: 2023-CB63C0F615 Critical Gssntlmssp Security Update

Patched several CVEs reported by GitHub Security Lab CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-cb63c0f615 2023-02-22 10:10:35.978872 --------------------------------------------------------------------------------Name : gssntlmssp Product : Fedora 37 Version : 1.2.0 Release : 1.fc37 URL : https://github.com/gssapi/gss-ntlmssp Summary : GSSAPI NTLMSSP Mechanism Description : A GSSAPI Mechanism that implements NTLMSSP --------------------------------------------------------------------------------Update Information: Patched several CVEs reported by GitHub Security Lab CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 --------------------------------------------------------------------------------ChangeLog: * Mon Feb 13 2023 Simo Sorce - 1.2.0-1 - New security release 1.2.0 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-cb63c0f615' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . A series of CVEs addressed in Fedora 37 for gssntlmssp via a recent update aimed at improving security protocols.. Fedora Security Update,gssntlmssp Update,Threat Mitigation,Software Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 22, 2023 Critical Fedora
202

openSUSE: 2023:0048-1 Moderate: Multiple gssntlmssp Issues Fixed

An update that fixes 5 vulnerabilities is now available. . openSUSE Security Update: Security update for gssntlmssp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0048-1 Rating: moderate References: #1208278 #1208279 #1208280 #1208281 #1208282 Cross-References: CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 CVSS scores: CVE-2023-25563 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-25564 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2023-25565 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-25566 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-25567 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for gssntlmssp fixes the following issues: Update to version 1.2.0 * Implement gss_set_cred_option. * Allow to gss_wrap even if NEGOTIATE_SEAL is not negotiated. * Move HMAC code to OpenSSL EVP API. * Fix crash bug when acceptor credentials are NULL. * Translations update from Fedora Weblate. Fix security issues: * CVE-2023-25563 (boo#1208278): multiple out-of-bounds read when decoding NTLM fields. * CVE-2023-25564 (boo#1208279): memory corruption when decoding UTF16 strings. * CVE-2023-25565 (boo#1208280): incorrect free when decoding target information. * CVE-2023-25566 (boo#1208281): memory leak when parsing usernames. * CVE-2023-25567 (boo#1208282): out-of-bounds read when decoding target information. Update to version 1.1 * various build fixes and better compatibility whena MIC is requested. Update to version 1.0 * Fix test_gssapi_rfc5587. * Actually run tests with make check. * Add two tests around NTLMSSP_NEGOTIATE_LMKEY. * Refine LM compatibility level logic. * Refactor the gssntlm_required_security function. * Implement reading LM/NT hashes. * Add test for smpasswd-like user files. * Return confidentiality status. * Fix segfault in sign/seal functions. * Fix dummy signature generation. * Use UCS16LE instead of UCS-2LE. * Provide a zero lm key if the password is too long. * Completely omit CBs AV pairs when no CB provided. * Change license to the more permissive ISC. * Do not require cached users with winbind. * Add ability to pass keyfile via cred store. * Remove unused parts of Makefile.am. * Move attribute names to allocated strings. * Adjust serialization for name attributes. * Fix crash in acquiring credentials. * Fix fallback to external_creds interface. * Introduce parse_user_name() function. * Add test for parse_user_name. * Change how we assemble user names in ASC. * Use thread local storage for winbind context. * Make per thread winbind context optional. * Fixed memleak of usr_cred. * Support get_sids request via name attributes. * Fixed memory leaks found by valgrind. - Update to version 0.9 * add support for getting session key. * Add gss_inquire_attrs_for_mech(). * Return actual data for RFC5587 API. * Add new Windows version flags. * Add Key exchange also when wanting integrity only. * Drop support for GSS_C_MA_NOT_DFLT_MECH. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-48=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): gssntlmssp-1.2.0-bp154.2.3.1 gssntlmssp-devel-1.2.0-bp154.2.3.1 References: https://www.suse.com/security/cve/CVE-2023-25563.html https://www.suse.com/security/cve/CVE-2023-25564.html https://www.suse.com/security/cve/CVE-2023-25565.html https://www.suse.com/security/cve/CVE-2023-25566.html https://www.suse.com/security/cve/CVE-2023-25567.html https://bugzilla.suse.com/1208278 https://bugzilla.suse.com/1208279 https://bugzilla.suse.com/1208280 https://bugzilla.suse.com/1208281 https://bugzilla.suse.com/1208282 . This patch corrects various flaws in the gssntlmssp module for openSUSE, improving overall security and performance.. openSUSE Security Update,gssntlmssp,system vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Feb 18, 2023 OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200