Описание
Security update for samba
This update for samba fixes the following issue:
- An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231]
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
ctdb-4.2.4-18.41.1
libdcerpc-binding0-4.2.4-18.41.1
libdcerpc-binding0-32bit-4.2.4-18.41.1
libdcerpc0-4.2.4-18.41.1
libdcerpc0-32bit-4.2.4-18.41.1
libgensec0-4.2.4-18.41.1
libgensec0-32bit-4.2.4-18.41.1
libndr-krb5pac0-4.2.4-18.41.1
libndr-krb5pac0-32bit-4.2.4-18.41.1
libndr-nbt0-4.2.4-18.41.1
libndr-nbt0-32bit-4.2.4-18.41.1
libndr-standard0-4.2.4-18.41.1
libndr-standard0-32bit-4.2.4-18.41.1
libndr0-4.2.4-18.41.1
libndr0-32bit-4.2.4-18.41.1
libnetapi0-4.2.4-18.41.1
libnetapi0-32bit-4.2.4-18.41.1
libregistry0-4.2.4-18.41.1
libsamba-credentials0-4.2.4-18.41.1
libsamba-credentials0-32bit-4.2.4-18.41.1
libsamba-hostconfig0-4.2.4-18.41.1
libsamba-hostconfig0-32bit-4.2.4-18.41.1
libsamba-passdb0-4.2.4-18.41.1
libsamba-passdb0-32bit-4.2.4-18.41.1
libsamba-util0-4.2.4-18.41.1
libsamba-util0-32bit-4.2.4-18.41.1
libsamdb0-4.2.4-18.41.1
libsamdb0-32bit-4.2.4-18.41.1
libsmbclient-raw0-4.2.4-18.41.1
libsmbclient-raw0-32bit-4.2.4-18.41.1
libsmbclient0-4.2.4-18.41.1
libsmbclient0-32bit-4.2.4-18.41.1
libsmbconf0-4.2.4-18.41.1
libsmbconf0-32bit-4.2.4-18.41.1
libsmbldap0-4.2.4-18.41.1
libsmbldap0-32bit-4.2.4-18.41.1
libtevent-util0-4.2.4-18.41.1
libtevent-util0-32bit-4.2.4-18.41.1
libwbclient0-4.2.4-18.41.1
libwbclient0-32bit-4.2.4-18.41.1
samba-4.2.4-18.41.1
samba-32bit-4.2.4-18.41.1
samba-client-4.2.4-18.41.1
samba-client-32bit-4.2.4-18.41.1
samba-doc-4.2.4-18.41.1
samba-libs-4.2.4-18.41.1
samba-libs-32bit-4.2.4-18.41.1
samba-winbind-4.2.4-18.41.1
samba-winbind-32bit-4.2.4-18.41.1
SUSE Linux Enterprise Server for SAP Applications 12
ctdb-4.2.4-18.41.1
libdcerpc-binding0-4.2.4-18.41.1
libdcerpc-binding0-32bit-4.2.4-18.41.1
libdcerpc0-4.2.4-18.41.1
libdcerpc0-32bit-4.2.4-18.41.1
libgensec0-4.2.4-18.41.1
libgensec0-32bit-4.2.4-18.41.1
libndr-krb5pac0-4.2.4-18.41.1
libndr-krb5pac0-32bit-4.2.4-18.41.1
libndr-nbt0-4.2.4-18.41.1
libndr-nbt0-32bit-4.2.4-18.41.1
libndr-standard0-4.2.4-18.41.1
libndr-standard0-32bit-4.2.4-18.41.1
libndr0-4.2.4-18.41.1
libndr0-32bit-4.2.4-18.41.1
libnetapi0-4.2.4-18.41.1
libnetapi0-32bit-4.2.4-18.41.1
libregistry0-4.2.4-18.41.1
libsamba-credentials0-4.2.4-18.41.1
libsamba-credentials0-32bit-4.2.4-18.41.1
libsamba-hostconfig0-4.2.4-18.41.1
libsamba-hostconfig0-32bit-4.2.4-18.41.1
libsamba-passdb0-4.2.4-18.41.1
libsamba-passdb0-32bit-4.2.4-18.41.1
libsamba-util0-4.2.4-18.41.1
libsamba-util0-32bit-4.2.4-18.41.1
libsamdb0-4.2.4-18.41.1
libsamdb0-32bit-4.2.4-18.41.1
libsmbclient-raw0-4.2.4-18.41.1
libsmbclient-raw0-32bit-4.2.4-18.41.1
libsmbclient0-4.2.4-18.41.1
libsmbclient0-32bit-4.2.4-18.41.1
libsmbconf0-4.2.4-18.41.1
libsmbconf0-32bit-4.2.4-18.41.1
libsmbldap0-4.2.4-18.41.1
libsmbldap0-32bit-4.2.4-18.41.1
libtevent-util0-4.2.4-18.41.1
libtevent-util0-32bit-4.2.4-18.41.1
libwbclient0-4.2.4-18.41.1
libwbclient0-32bit-4.2.4-18.41.1
samba-4.2.4-18.41.1
samba-32bit-4.2.4-18.41.1
samba-client-4.2.4-18.41.1
samba-client-32bit-4.2.4-18.41.1
samba-doc-4.2.4-18.41.1
samba-libs-4.2.4-18.41.1
samba-libs-32bit-4.2.4-18.41.1
samba-winbind-4.2.4-18.41.1
samba-winbind-32bit-4.2.4-18.41.1
Ссылки
- Link for SUSE-SU-2017:1396-1
- E-Mail link for SUSE-SU-2017:1396-1
- SUSE Security Ratings
- SUSE Bug 1038231
- SUSE CVE CVE-2017-7494 page
Описание
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:ctdb-4.2.4-18.41.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-32bit-4.2.4-18.41.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-4.2.4-18.41.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc0-32bit-4.2.4-18.41.1
Ссылки
- CVE-2017-7494
- SUSE Bug 1038231