Описание
Security update for samba
This update for samba fixes the following issues:
Security issues fixed:
- CVE-2017-14746: Use-after-free vulnerability (bsc#1060427).
- CVE-2017-15275: Server heap memory information leak (bsc#1063008).
- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file (bsc#1058624).
- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565).
- CVE-2017-12150: Some code path don't enforce smb signing when they should (bsc#1058565).
Bug fixes:
- Samba was updated to 4.6.9 (bsc#1065066) see release notes for details.
Список пакетов
SUSE Enterprise Storage 5
ctdb-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-ceph-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3
libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1
libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libdcerpc0-4.6.9+git.59.c2cff9cea4c-3.17.1
libdcerpc0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-krb5pac0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-krb5pac0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-nbt0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-nbt0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-standard0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-standard0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libnetapi0-4.6.9+git.59.c2cff9cea4c-3.17.1
libnetapi0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-credentials0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-credentials0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-errors0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-errors0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-hostconfig0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-hostconfig0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-passdb0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-passdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-util0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamdb0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbconf0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbconf0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbldap0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbldap0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libtevent-util0-4.6.9+git.59.c2cff9cea4c-3.17.1
libtevent-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libwbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1
libwbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-client-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-client-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-doc-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-libs-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-libs-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-winbind-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-winbind-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise High Availability Extension 12 SP3
ctdb-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Server 12 SP3
libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1
libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libdcerpc0-4.6.9+git.59.c2cff9cea4c-3.17.1
libdcerpc0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-krb5pac0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-krb5pac0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-nbt0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-nbt0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-standard0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-standard0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libnetapi0-4.6.9+git.59.c2cff9cea4c-3.17.1
libnetapi0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-credentials0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-credentials0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-errors0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-errors0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-hostconfig0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-hostconfig0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-passdb0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-passdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-util0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamdb0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbconf0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbconf0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbldap0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbldap0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libtevent-util0-4.6.9+git.59.c2cff9cea4c-3.17.1
libtevent-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libwbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1
libwbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-client-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-client-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-doc-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-libs-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-libs-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-winbind-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-winbind-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1
libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libdcerpc0-4.6.9+git.59.c2cff9cea4c-3.17.1
libdcerpc0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-krb5pac0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-krb5pac0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-nbt0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-nbt0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-standard0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr-standard0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr0-4.6.9+git.59.c2cff9cea4c-3.17.1
libndr0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libnetapi0-4.6.9+git.59.c2cff9cea4c-3.17.1
libnetapi0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-credentials0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-credentials0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-errors0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-errors0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-hostconfig0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-hostconfig0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-passdb0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-passdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-util0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamba-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamdb0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsamdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbconf0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbconf0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbldap0-4.6.9+git.59.c2cff9cea4c-3.17.1
libsmbldap0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libtevent-util0-4.6.9+git.59.c2cff9cea4c-3.17.1
libtevent-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
libwbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1
libwbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-client-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-client-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-doc-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-libs-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-libs-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-winbind-4.6.9+git.59.c2cff9cea4c-3.17.1
samba-winbind-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libsmbclient-devel-4.6.9+git.59.c2cff9cea4c-3.17.1
libwbclient-devel-4.6.9+git.59.c2cff9cea4c-3.17.1
Ссылки
- Link for SUSE-SU-2017:3155-1
- E-Mail link for SUSE-SU-2017:3155-1
- SUSE Security Ratings
- SUSE Bug 1058565
- SUSE Bug 1058622
- SUSE Bug 1058624
- SUSE Bug 1060427
- SUSE Bug 1063008
- SUSE Bug 1065066
- SUSE CVE CVE-2017-12150 page
- SUSE CVE CVE-2017-12151 page
- SUSE CVE CVE-2017-12163 page
- SUSE CVE CVE-2017-14746 page
- SUSE CVE CVE-2017-15275 page
Описание
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
Затронутые продукты
SUSE Enterprise Storage 5:ctdb-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Enterprise Storage 5:samba-ceph-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1
Ссылки
- CVE-2017-12150
- SUSE Bug 1058622
Описание
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Затронутые продукты
SUSE Enterprise Storage 5:ctdb-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Enterprise Storage 5:samba-ceph-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1
Ссылки
- CVE-2017-12151
- SUSE Bug 1058565
Описание
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
Затронутые продукты
SUSE Enterprise Storage 5:ctdb-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Enterprise Storage 5:samba-ceph-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1
Ссылки
- CVE-2017-12163
- SUSE Bug 1058410
- SUSE Bug 1058624
Описание
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
Затронутые продукты
SUSE Enterprise Storage 5:ctdb-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Enterprise Storage 5:samba-ceph-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1
Ссылки
- CVE-2017-14746
- SUSE Bug 1060427
- SUSE Bug 1069666
Описание
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
Затронутые продукты
SUSE Enterprise Storage 5:ctdb-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Enterprise Storage 5:samba-ceph-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1
SUSE Linux Enterprise Desktop 12 SP3:libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1
Ссылки
- CVE-2017-15275
- SUSE Bug 1063008
- SUSE Bug 1069666