SUSE-SU-2017:3104-1

Опубликовано: 27 нояб. 2017

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

Security issues fixed:

CVE-2017-14746: Use-after-free vulnerability (bsc#1060427).
CVE-2017-15275: Server heap memory information leak (bsc#1063008).

Bug fixes:

Update 'winbind expand groups' doc in smb.conf man page (bsc#1027593).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

libdcerpc-binding0-4.4.2-38.14.1

libdcerpc-binding0-32bit-4.4.2-38.14.1

libdcerpc0-4.4.2-38.14.1

libdcerpc0-32bit-4.4.2-38.14.1

libndr-krb5pac0-4.4.2-38.14.1

libndr-krb5pac0-32bit-4.4.2-38.14.1

libndr-nbt0-4.4.2-38.14.1

libndr-nbt0-32bit-4.4.2-38.14.1

libndr-standard0-4.4.2-38.14.1

libndr-standard0-32bit-4.4.2-38.14.1

libndr0-4.4.2-38.14.1

libndr0-32bit-4.4.2-38.14.1

libnetapi0-4.4.2-38.14.1

libnetapi0-32bit-4.4.2-38.14.1

libsamba-credentials0-4.4.2-38.14.1

libsamba-credentials0-32bit-4.4.2-38.14.1

libsamba-errors0-4.4.2-38.14.1

libsamba-errors0-32bit-4.4.2-38.14.1

libsamba-hostconfig0-4.4.2-38.14.1

libsamba-hostconfig0-32bit-4.4.2-38.14.1

libsamba-passdb0-4.4.2-38.14.1

libsamba-passdb0-32bit-4.4.2-38.14.1

libsamba-util0-4.4.2-38.14.1

libsamba-util0-32bit-4.4.2-38.14.1

libsamdb0-4.4.2-38.14.1

libsamdb0-32bit-4.4.2-38.14.1

libsmbclient0-4.4.2-38.14.1

libsmbclient0-32bit-4.4.2-38.14.1

libsmbconf0-4.4.2-38.14.1

libsmbconf0-32bit-4.4.2-38.14.1

libsmbldap0-4.4.2-38.14.1

libsmbldap0-32bit-4.4.2-38.14.1

libtevent-util0-4.4.2-38.14.1

libtevent-util0-32bit-4.4.2-38.14.1

libwbclient0-4.4.2-38.14.1

libwbclient0-32bit-4.4.2-38.14.1

samba-4.4.2-38.14.1

samba-client-4.4.2-38.14.1

samba-client-32bit-4.4.2-38.14.1

samba-doc-4.4.2-38.14.1

samba-libs-4.4.2-38.14.1

samba-libs-32bit-4.4.2-38.14.1

samba-winbind-4.4.2-38.14.1

samba-winbind-32bit-4.4.2-38.14.1

SUSE Linux Enterprise High Availability Extension 12 SP2

ctdb-4.4.2-38.14.1

SUSE Linux Enterprise Server 12 SP2

libdcerpc-binding0-4.4.2-38.14.1

libdcerpc-binding0-32bit-4.4.2-38.14.1

libdcerpc0-4.4.2-38.14.1

libdcerpc0-32bit-4.4.2-38.14.1

libndr-krb5pac0-4.4.2-38.14.1

libndr-krb5pac0-32bit-4.4.2-38.14.1

libndr-nbt0-4.4.2-38.14.1

libndr-nbt0-32bit-4.4.2-38.14.1

libndr-standard0-4.4.2-38.14.1

libndr-standard0-32bit-4.4.2-38.14.1

libndr0-4.4.2-38.14.1

libndr0-32bit-4.4.2-38.14.1

libnetapi0-4.4.2-38.14.1

libnetapi0-32bit-4.4.2-38.14.1

libsamba-credentials0-4.4.2-38.14.1

libsamba-credentials0-32bit-4.4.2-38.14.1

libsamba-errors0-4.4.2-38.14.1

libsamba-errors0-32bit-4.4.2-38.14.1

libsamba-hostconfig0-4.4.2-38.14.1

libsamba-hostconfig0-32bit-4.4.2-38.14.1

libsamba-passdb0-4.4.2-38.14.1

libsamba-passdb0-32bit-4.4.2-38.14.1

libsamba-util0-4.4.2-38.14.1

libsamba-util0-32bit-4.4.2-38.14.1

libsamdb0-4.4.2-38.14.1

libsamdb0-32bit-4.4.2-38.14.1

libsmbclient0-4.4.2-38.14.1

libsmbclient0-32bit-4.4.2-38.14.1

libsmbconf0-4.4.2-38.14.1

libsmbconf0-32bit-4.4.2-38.14.1

libsmbldap0-4.4.2-38.14.1

libsmbldap0-32bit-4.4.2-38.14.1

libtevent-util0-4.4.2-38.14.1

libtevent-util0-32bit-4.4.2-38.14.1

libwbclient0-4.4.2-38.14.1

libwbclient0-32bit-4.4.2-38.14.1

samba-4.4.2-38.14.1

samba-client-4.4.2-38.14.1

samba-client-32bit-4.4.2-38.14.1

samba-doc-4.4.2-38.14.1

samba-libs-4.4.2-38.14.1

samba-libs-32bit-4.4.2-38.14.1

samba-winbind-4.4.2-38.14.1

samba-winbind-32bit-4.4.2-38.14.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

libdcerpc-binding0-4.4.2-38.14.1

libdcerpc0-4.4.2-38.14.1

libndr-krb5pac0-4.4.2-38.14.1

libndr-nbt0-4.4.2-38.14.1

libndr-standard0-4.4.2-38.14.1

libndr0-4.4.2-38.14.1

libnetapi0-4.4.2-38.14.1

libsamba-credentials0-4.4.2-38.14.1

libsamba-errors0-4.4.2-38.14.1

libsamba-hostconfig0-4.4.2-38.14.1

libsamba-passdb0-4.4.2-38.14.1

libsamba-util0-4.4.2-38.14.1

libsamdb0-4.4.2-38.14.1

libsmbclient0-4.4.2-38.14.1

libsmbconf0-4.4.2-38.14.1

libsmbldap0-4.4.2-38.14.1

libtevent-util0-4.4.2-38.14.1

libwbclient0-4.4.2-38.14.1

samba-4.4.2-38.14.1

samba-client-4.4.2-38.14.1

samba-doc-4.4.2-38.14.1

samba-libs-4.4.2-38.14.1

samba-winbind-4.4.2-38.14.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

libdcerpc-binding0-4.4.2-38.14.1

libdcerpc-binding0-32bit-4.4.2-38.14.1

libdcerpc0-4.4.2-38.14.1

libdcerpc0-32bit-4.4.2-38.14.1

libndr-krb5pac0-4.4.2-38.14.1

libndr-krb5pac0-32bit-4.4.2-38.14.1

libndr-nbt0-4.4.2-38.14.1

libndr-nbt0-32bit-4.4.2-38.14.1

libndr-standard0-4.4.2-38.14.1

libndr-standard0-32bit-4.4.2-38.14.1

libndr0-4.4.2-38.14.1

libndr0-32bit-4.4.2-38.14.1

libnetapi0-4.4.2-38.14.1

libnetapi0-32bit-4.4.2-38.14.1

libsamba-credentials0-4.4.2-38.14.1

libsamba-credentials0-32bit-4.4.2-38.14.1

libsamba-errors0-4.4.2-38.14.1

libsamba-errors0-32bit-4.4.2-38.14.1

libsamba-hostconfig0-4.4.2-38.14.1

libsamba-hostconfig0-32bit-4.4.2-38.14.1

libsamba-passdb0-4.4.2-38.14.1

libsamba-passdb0-32bit-4.4.2-38.14.1

libsamba-util0-4.4.2-38.14.1

libsamba-util0-32bit-4.4.2-38.14.1

libsamdb0-4.4.2-38.14.1

libsamdb0-32bit-4.4.2-38.14.1

libsmbclient0-4.4.2-38.14.1

libsmbclient0-32bit-4.4.2-38.14.1

libsmbconf0-4.4.2-38.14.1

libsmbconf0-32bit-4.4.2-38.14.1

libsmbldap0-4.4.2-38.14.1

libsmbldap0-32bit-4.4.2-38.14.1

libtevent-util0-4.4.2-38.14.1

libtevent-util0-32bit-4.4.2-38.14.1

libwbclient0-4.4.2-38.14.1

libwbclient0-32bit-4.4.2-38.14.1

samba-4.4.2-38.14.1

samba-client-4.4.2-38.14.1

samba-client-32bit-4.4.2-38.14.1

samba-doc-4.4.2-38.14.1

samba-libs-4.4.2-38.14.1

samba-libs-32bit-4.4.2-38.14.1

samba-winbind-4.4.2-38.14.1

samba-winbind-32bit-4.4.2-38.14.1

SUSE Linux Enterprise Software Development Kit 12 SP2

libsmbclient-devel-4.4.2-38.14.1

libwbclient-devel-4.4.2-38.14.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20173104-1/
Link for SUSE-SU-2017:3104-1
https://lists.suse.com/pipermail/sle-security-updates/2017-November/003418.html
E-Mail link for SUSE-SU-2017:3104-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1027593
SUSE Bug 1027593
https://bugzilla.suse.com/1060427
SUSE Bug 1060427
https://bugzilla.suse.com/1063008
SUSE Bug 1063008
https://www.suse.com/security/cve/CVE-2017-14746/
SUSE CVE CVE-2017-14746 page
https://www.suse.com/security/cve/CVE-2017-15275/
SUSE CVE CVE-2017-15275 page

Описание

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:libdcerpc-binding0-32bit-4.4.2-38.14.1

SUSE Linux Enterprise Desktop 12 SP2:libdcerpc-binding0-4.4.2-38.14.1

SUSE Linux Enterprise Desktop 12 SP2:libdcerpc0-32bit-4.4.2-38.14.1

SUSE Linux Enterprise Desktop 12 SP2:libdcerpc0-4.4.2-38.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-14746.html
CVE-2017-14746
https://bugzilla.suse.com/1060427
SUSE Bug 1060427
https://bugzilla.suse.com/1069666
SUSE Bug 1069666

Описание

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:libdcerpc-binding0-32bit-4.4.2-38.14.1

SUSE Linux Enterprise Desktop 12 SP2:libdcerpc-binding0-4.4.2-38.14.1

SUSE Linux Enterprise Desktop 12 SP2:libdcerpc0-32bit-4.4.2-38.14.1

SUSE Linux Enterprise Desktop 12 SP2:libdcerpc0-4.4.2-38.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-15275.html
CVE-2017-15275
https://bugzilla.suse.com/1063008
SUSE Bug 1063008
https://bugzilla.suse.com/1069666
SUSE Bug 1069666

SUSE-SU-2017:3104-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

SUSE Linux Enterprise High Availability Extension 12 SP2

SUSE Linux Enterprise Server 12 SP2

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Software Development Kit 12 SP2

Ссылки

Уязвимость: CVE-2017-14746

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-15275

Описание

Затронутые продукты

Ссылки