Libntlm 1.6

libntlm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Libntlm 1.6

From:	Simon Josefsson
Subject:	Libntlm 1.6
Date:	Sun, 19 Apr 2020 10:20:17 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Libntlm provides routines to manipulate the structures used for the
client end of Microsoft NTLM authentication.  This code was initially
taken (mostly) from the Samba project and was initially intended for use
with Microsoft Exchange Server when it is configured to require NTLM
authentication for clients of it's IMAP server.  Today, Libntlm contains
re-written code, so that the license is now LGPLv2+.

News since the last release:

** Fix buffer overflow in buildSmbNtlmAuth* function.  CVE-2019-17455.
Reported by Kirin in <https://gitlab.com/jas/libntlm/-/issues/2> and
patch provided by Cedric Buissart.  See newly introduced regression
check test_CVE-2019-17455.c for test of a vulnerable library.

** Update gnulib files.

The project page of the library is available at:
  https://www.nongnu.org/libntlm/

If you need help to use Libntlm, or want to help others, you are invited
to join our mailing list, see:
  https://lists.nongnu.org/mailman/listinfo/libntlm

Here are the compressed sources (676K) and detached OpenPGP signature:
  https://www.nongnu.org/libntlm/releases/libntlm-1.6.tar.gz
  https://www.nongnu.org/libntlm/releases/libntlm-1.6.tar.gz.sig

Windows binaries are available:
  https://www.nongnu.org/libntlm/releases/libntlm-1.6-win32.zip
  https://www.nongnu.org/libntlm/releases/libntlm-1.6-win32.zip.sig
  https://www.nongnu.org/libntlm/releases/libntlm-1.6-win64.zip
  https://www.nongnu.org/libntlm/releases/libntlm-1.6-win64.zip.sig

The software is cryptographically signed by the maintainer using an
OpenPGP key identified by the following information:

sec#  ed25519 2019-03-20 [SC]
      B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE
uid           [ultimate] Simon Josefsson <address@hidden>

The key is available from:
  https://josefsson.org/key-20190320.txt

Here are the SHA-256 checksums:

f2376b87b06d8755aa3498bb1226083fdb1d2cf4460c3982b05a9aa0b51d6821  
libntlm-1.6.tar.gz
3db3474c72e48c8f77496a76d84f47485c325938f46ef220e8f352cf7b1ba773  
libntlm-1.6-win32.zip
2dda3bda329e380cbd63b77ae379d0fb49278316e3593a065f2620077321dcc5  
libntlm-1.6-win64.zip

Happy hacking,
Simon

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Libntlm 1.6, Simon Josefsson <=

Prev by Date: Re: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Next by Date: Re: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Previous by thread: Re: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Index(es):
- Date
- Thread