Описание
Security update for samba
This update for samba fixes the following issues:
Security issues fixed:
- CVE-2017-14746: Fixed a use-after-free vulnerability that could be used to crash smbd or potentially execute code (bsc#1060427).
- CVE-2017-15275: Fixed a server heap memory information leak (bsc#1063008).
Non-security issues fixed:
- Update 'winbind expand groups' doc in smb.conf man page; (bsc#1027593).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libdcerpc-atsvc0-4.2.4-28.24.1
SUSE Linux Enterprise High Availability Extension 12 SP1
ctdb-4.2.4-28.24.1
SUSE Linux Enterprise Server 12 SP1-LTSS
ctdb-4.2.4-28.24.1
libdcerpc-binding0-4.2.4-28.24.1
libdcerpc-binding0-32bit-4.2.4-28.24.1
libdcerpc0-4.2.4-28.24.1
libdcerpc0-32bit-4.2.4-28.24.1
libgensec0-4.2.4-28.24.1
libgensec0-32bit-4.2.4-28.24.1
libndr-krb5pac0-4.2.4-28.24.1
libndr-krb5pac0-32bit-4.2.4-28.24.1
libndr-nbt0-4.2.4-28.24.1
libndr-nbt0-32bit-4.2.4-28.24.1
libndr-standard0-4.2.4-28.24.1
libndr-standard0-32bit-4.2.4-28.24.1
libndr0-4.2.4-28.24.1
libndr0-32bit-4.2.4-28.24.1
libnetapi0-4.2.4-28.24.1
libnetapi0-32bit-4.2.4-28.24.1
libregistry0-4.2.4-28.24.1
libsamba-credentials0-4.2.4-28.24.1
libsamba-credentials0-32bit-4.2.4-28.24.1
libsamba-hostconfig0-4.2.4-28.24.1
libsamba-hostconfig0-32bit-4.2.4-28.24.1
libsamba-passdb0-4.2.4-28.24.1
libsamba-passdb0-32bit-4.2.4-28.24.1
libsamba-util0-4.2.4-28.24.1
libsamba-util0-32bit-4.2.4-28.24.1
libsamdb0-4.2.4-28.24.1
libsamdb0-32bit-4.2.4-28.24.1
libsmbclient-raw0-4.2.4-28.24.1
libsmbclient-raw0-32bit-4.2.4-28.24.1
libsmbclient0-4.2.4-28.24.1
libsmbclient0-32bit-4.2.4-28.24.1
libsmbconf0-4.2.4-28.24.1
libsmbconf0-32bit-4.2.4-28.24.1
libsmbldap0-4.2.4-28.24.1
libsmbldap0-32bit-4.2.4-28.24.1
libtevent-util0-4.2.4-28.24.1
libtevent-util0-32bit-4.2.4-28.24.1
libwbclient0-4.2.4-28.24.1
libwbclient0-32bit-4.2.4-28.24.1
samba-4.2.4-28.24.1
samba-32bit-4.2.4-28.24.1
samba-client-4.2.4-28.24.1
samba-client-32bit-4.2.4-28.24.1
samba-doc-4.2.4-28.24.1
samba-libs-4.2.4-28.24.1
samba-libs-32bit-4.2.4-28.24.1
samba-winbind-4.2.4-28.24.1
samba-winbind-32bit-4.2.4-28.24.1
SUSE Linux Enterprise Server 12 SP2
libdcerpc-atsvc0-4.2.4-28.24.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libdcerpc-atsvc0-4.2.4-28.24.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
ctdb-4.2.4-28.24.1
libdcerpc-binding0-4.2.4-28.24.1
libdcerpc-binding0-32bit-4.2.4-28.24.1
libdcerpc0-4.2.4-28.24.1
libdcerpc0-32bit-4.2.4-28.24.1
libgensec0-4.2.4-28.24.1
libgensec0-32bit-4.2.4-28.24.1
libndr-krb5pac0-4.2.4-28.24.1
libndr-krb5pac0-32bit-4.2.4-28.24.1
libndr-nbt0-4.2.4-28.24.1
libndr-nbt0-32bit-4.2.4-28.24.1
libndr-standard0-4.2.4-28.24.1
libndr-standard0-32bit-4.2.4-28.24.1
libndr0-4.2.4-28.24.1
libndr0-32bit-4.2.4-28.24.1
libnetapi0-4.2.4-28.24.1
libnetapi0-32bit-4.2.4-28.24.1
libregistry0-4.2.4-28.24.1
libsamba-credentials0-4.2.4-28.24.1
libsamba-credentials0-32bit-4.2.4-28.24.1
libsamba-hostconfig0-4.2.4-28.24.1
libsamba-hostconfig0-32bit-4.2.4-28.24.1
libsamba-passdb0-4.2.4-28.24.1
libsamba-passdb0-32bit-4.2.4-28.24.1
libsamba-util0-4.2.4-28.24.1
libsamba-util0-32bit-4.2.4-28.24.1
libsamdb0-4.2.4-28.24.1
libsamdb0-32bit-4.2.4-28.24.1
libsmbclient-raw0-4.2.4-28.24.1
libsmbclient-raw0-32bit-4.2.4-28.24.1
libsmbclient0-4.2.4-28.24.1
libsmbclient0-32bit-4.2.4-28.24.1
libsmbconf0-4.2.4-28.24.1
libsmbconf0-32bit-4.2.4-28.24.1
libsmbldap0-4.2.4-28.24.1
libsmbldap0-32bit-4.2.4-28.24.1
libtevent-util0-4.2.4-28.24.1
libtevent-util0-32bit-4.2.4-28.24.1
libwbclient0-4.2.4-28.24.1
libwbclient0-32bit-4.2.4-28.24.1
samba-4.2.4-28.24.1
samba-32bit-4.2.4-28.24.1
samba-client-4.2.4-28.24.1
samba-client-32bit-4.2.4-28.24.1
samba-doc-4.2.4-28.24.1
samba-libs-4.2.4-28.24.1
samba-libs-32bit-4.2.4-28.24.1
samba-winbind-4.2.4-28.24.1
samba-winbind-32bit-4.2.4-28.24.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libdcerpc-atsvc0-4.2.4-28.24.1
SUSE Linux Enterprise Software Development Kit 12 SP2
samba-test-devel-4.2.4-28.24.1
SUSE OpenStack Cloud 6
ctdb-4.2.4-28.24.1
libdcerpc-binding0-4.2.4-28.24.1
libdcerpc-binding0-32bit-4.2.4-28.24.1
libdcerpc0-4.2.4-28.24.1
libdcerpc0-32bit-4.2.4-28.24.1
libgensec0-4.2.4-28.24.1
libgensec0-32bit-4.2.4-28.24.1
libndr-krb5pac0-4.2.4-28.24.1
libndr-krb5pac0-32bit-4.2.4-28.24.1
libndr-nbt0-4.2.4-28.24.1
libndr-nbt0-32bit-4.2.4-28.24.1
libndr-standard0-4.2.4-28.24.1
libndr-standard0-32bit-4.2.4-28.24.1
libndr0-4.2.4-28.24.1
libndr0-32bit-4.2.4-28.24.1
libnetapi0-4.2.4-28.24.1
libnetapi0-32bit-4.2.4-28.24.1
libregistry0-4.2.4-28.24.1
libsamba-credentials0-4.2.4-28.24.1
libsamba-credentials0-32bit-4.2.4-28.24.1
libsamba-hostconfig0-4.2.4-28.24.1
libsamba-hostconfig0-32bit-4.2.4-28.24.1
libsamba-passdb0-4.2.4-28.24.1
libsamba-passdb0-32bit-4.2.4-28.24.1
libsamba-util0-4.2.4-28.24.1
libsamba-util0-32bit-4.2.4-28.24.1
libsamdb0-4.2.4-28.24.1
libsamdb0-32bit-4.2.4-28.24.1
libsmbclient-raw0-4.2.4-28.24.1
libsmbclient-raw0-32bit-4.2.4-28.24.1
libsmbclient0-4.2.4-28.24.1
libsmbclient0-32bit-4.2.4-28.24.1
libsmbconf0-4.2.4-28.24.1
libsmbconf0-32bit-4.2.4-28.24.1
libsmbldap0-4.2.4-28.24.1
libsmbldap0-32bit-4.2.4-28.24.1
libtevent-util0-4.2.4-28.24.1
libtevent-util0-32bit-4.2.4-28.24.1
libwbclient0-4.2.4-28.24.1
libwbclient0-32bit-4.2.4-28.24.1
samba-4.2.4-28.24.1
samba-32bit-4.2.4-28.24.1
samba-client-4.2.4-28.24.1
samba-client-32bit-4.2.4-28.24.1
samba-doc-4.2.4-28.24.1
samba-libs-4.2.4-28.24.1
samba-libs-32bit-4.2.4-28.24.1
samba-winbind-4.2.4-28.24.1
samba-winbind-32bit-4.2.4-28.24.1
Ссылки
- Link for SUSE-SU-2017:3086-1
- E-Mail link for SUSE-SU-2017:3086-1
- SUSE Security Ratings
- SUSE Bug 1027593
- SUSE Bug 1060427
- SUSE Bug 1063008
- SUSE CVE CVE-2017-14746 page
- SUSE CVE CVE-2017-15275 page
Описание
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libdcerpc-atsvc0-4.2.4-28.24.1
SUSE Linux Enterprise High Availability Extension 12 SP1:ctdb-4.2.4-28.24.1
SUSE Linux Enterprise Server 12 SP1-LTSS:ctdb-4.2.4-28.24.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libdcerpc-binding0-32bit-4.2.4-28.24.1
Ссылки
- CVE-2017-14746
- SUSE Bug 1060427
- SUSE Bug 1069666
Описание
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libdcerpc-atsvc0-4.2.4-28.24.1
SUSE Linux Enterprise High Availability Extension 12 SP1:ctdb-4.2.4-28.24.1
SUSE Linux Enterprise Server 12 SP1-LTSS:ctdb-4.2.4-28.24.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libdcerpc-binding0-32bit-4.2.4-28.24.1
Ссылки
- CVE-2017-15275
- SUSE Bug 1063008
- SUSE Bug 1069666