-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libntlm Version : 1.4-3+deb8u1 CVE ID : CVE-2019-17455
It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. For Debian 8 "Jessie", this problem has been fixed in version 1.4-3+deb8u1. We recommend that you upgrade your libntlm packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl64K/kACgkQ0+Fzg8+n /wbYhw/+IYUw88cFkAa1sK8EdXbLQvbmE/2dOD3ZaaJsrxtB2L3aTORyjcpe3FEI wgQ+mM7Tn4o3IAVVcKq3xjYyBG/k+wKRTfGnWQJI9aJivDZYpYbR06fFya95HC7+ FpBFwAwEA1AVHOif3jAjDSMKKrxRhML58zj7cIZLYybgfcooTk3jrn+e1Y+0XxnX Y+uslnvvAunRh6n67+Gbq8Nf3oqXV22039XpvUQbzApSkgWJojRvx1IlNUFT5JOL a8jdbtTc0l6DegIWmpvkrB1wFHq93g9zZBvbRUBP8VyMnsZCR6LV7GZMI04N/Cl0 CeJmVenE9i5bTBaVcNMvuXGWtjzm7mTgFiILck1qk7zxSZnJJnZeHE3qb/+iaCZn SxQpu+EXudw2V1SaqvPr8FUPA6DWRV8nnmlneYLq/5DJJJEBUMU4GTiTIrdUpyjE rzOvQ3rivd/ILvAsKmVQU5Tu8fpqMNR4tKpv/mu8ybU2oF7z8jmtv4p/B3ywYOXr owGt8CEJ4b6FwGJiMWiccd0fkGx1rtSXqUSA802ctIEnjyG88Cvhtvb7J9c5GrvU I3H3PaMYBiANnxPOZ1XSCNpMh1flqBLX60O70rX4/RkfhoNTMiXmWLB2t8lxMofw NJGcSfKTdlePFANF9DUK9y8ifby39XaoxqbIp8dequY28mMpPwc= =40TN -----END PGP SIGNATURE-----