SUSE-SU-2021:2937-1

Details

This update for libesmtp fixes the following issues:

CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).

Affected Packages

libesmtp

SUSE Enterprise Storage 6SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSS

Fixed in:

1.0.6-150.4.1

libesmtp-devel

SUSE Enterprise Storage 6SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSS

Fixed in:

1.0.6-150.4.1

References

REPORT

https://bugzilla.suse.com/1160462

REPORT

https://bugzilla.suse.com/1189097

WEB

https://www.suse.com/security/cve/CVE-2019-19977

ADVISORY

https://www.suse.com/support/update/announcement/2021/suse-su-20212937-1/