Описание
ELSA-2014-0383: samba4 security update (MODERATE)
[4.0.0-61.rc4]
- resolves: #1073913 - Fix CVE-2012-6150.
- resolves: #1073913 - Fix CVE-2013-4496.
- resolves: #1073913 - Fix CVE-2013-6442.
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
samba4
4.0.0-61.el6_5.rc4
samba4-client
4.0.0-61.el6_5.rc4
samba4-common
4.0.0-61.el6_5.rc4
samba4-dc
4.0.0-61.el6_5.rc4
samba4-dc-libs
4.0.0-61.el6_5.rc4
samba4-devel
4.0.0-61.el6_5.rc4
samba4-libs
4.0.0-61.el6_5.rc4
samba4-pidl
4.0.0-61.el6_5.rc4
samba4-python
4.0.0-61.el6_5.rc4
samba4-swat
4.0.0-61.el6_5.rc4
samba4-test
4.0.0-61.el6_5.rc4
samba4-winbind
4.0.0-61.el6_5.rc4
samba4-winbind-clients
4.0.0-61.el6_5.rc4
samba4-winbind-krb5-locator
4.0.0-61.el6_5.rc4
Oracle Linux i686
samba4
4.0.0-61.el6_5.rc4
samba4-client
4.0.0-61.el6_5.rc4
samba4-common
4.0.0-61.el6_5.rc4
samba4-dc
4.0.0-61.el6_5.rc4
samba4-dc-libs
4.0.0-61.el6_5.rc4
samba4-devel
4.0.0-61.el6_5.rc4
samba4-libs
4.0.0-61.el6_5.rc4
samba4-pidl
4.0.0-61.el6_5.rc4
samba4-python
4.0.0-61.el6_5.rc4
samba4-swat
4.0.0-61.el6_5.rc4
samba4-test
4.0.0-61.el6_5.rc4
samba4-winbind
4.0.0-61.el6_5.rc4
samba4-winbind-clients
4.0.0-61.el6_5.rc4
samba4-winbind-krb5-locator
4.0.0-61.el6_5.rc4
Связанные CVE
Связанные уязвимости
Уязвимости операционной системы CentOS, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
ELSA-2014-0330: samba and samba3x security update (MODERATE)
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.