SUSE-SU-2017:2237-1

Опубликовано: 22 авг. 2017

Источник: suse-cvrf

Описание

Security update for samba and resource-agents

This update provides Samba 4.6.7, which fixes the following issues:

CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext (the Ticket) rather than the authenticated and encrypted KDC response. (bsc#1048278)
Fix cephwrap_chdir(). (bsc#1048790)
Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb. (bsc#1048339)
Fix inconsistent ctdb socket path. (bsc#1048352)
Fix non-admin cephx authentication. (bsc#1048387)
CTDB cannot start when there is no persistent database. (bsc#1052577)

The CTDB resource agent was also fixed to not fail when the database is empty.

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.7.1

libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.7.1

libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libnetapi0-4.6.7+git.38.90b2cdb4f22-3.7.1

libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamdb0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.7.1

libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libwbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1

libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-client-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-doc-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-libs-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-winbind-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

SUSE Linux Enterprise High Availability Extension 12 SP3

ctdb-4.6.7+git.38.90b2cdb4f22-3.7.1

ldirectord-4.0.1+git.1495055229.643177f1-2.4.2

monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.4.2

resource-agents-4.0.1+git.1495055229.643177f1-2.4.2

SUSE Linux Enterprise Server 12 SP3

libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.7.1

libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.7.1

libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libnetapi0-4.6.7+git.38.90b2cdb4f22-3.7.1

libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamdb0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.7.1

libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libwbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1

libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-client-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-doc-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-libs-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-winbind-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.7.1

libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.7.1

libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr0-4.6.7+git.38.90b2cdb4f22-3.7.1

libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libnetapi0-4.6.7+git.38.90b2cdb4f22-3.7.1

libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamdb0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.7.1

libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.7.1

libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

libwbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1

libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-client-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-doc-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-libs-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-winbind-4.6.7+git.38.90b2cdb4f22-3.7.1

samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

SUSE Linux Enterprise Software Development Kit 12 SP3

libsmbclient-devel-4.6.7+git.38.90b2cdb4f22-3.7.1

libwbclient-devel-4.6.7+git.38.90b2cdb4f22-3.7.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20172237-1/
Link for SUSE-SU-2017:2237-1
https://lists.suse.com/pipermail/sle-security-updates/2017-August/003152.html
E-Mail link for SUSE-SU-2017:2237-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1048278
SUSE Bug 1048278
https://bugzilla.suse.com/1048339
SUSE Bug 1048339
https://bugzilla.suse.com/1048352
SUSE Bug 1048352
https://bugzilla.suse.com/1048387
SUSE Bug 1048387
https://bugzilla.suse.com/1048790
SUSE Bug 1048790
https://bugzilla.suse.com/1052577
SUSE Bug 1052577
https://bugzilla.suse.com/1054017
SUSE Bug 1054017
https://www.suse.com/security/cve/CVE-2017-11103/
SUSE CVE CVE-2017-11103 page

Описание

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.7.1

SUSE Linux Enterprise Desktop 12 SP3:libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1

SUSE Linux Enterprise Desktop 12 SP3:libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.7.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-11103.html
CVE-2017-11103
https://bugzilla.suse.com/1048278
SUSE Bug 1048278

SUSE-SU-2017:2237-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise High Availability Extension 12 SP3

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP3

Ссылки

Уязвимость: CVE-2017-11103

Описание

Затронутые продукты

Ссылки