Описание
Security update for samba
This update for samba fixes the following issues:
The following security vulnerability was fixed:
- CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411)
The following other bugs were fixed:
- Fix libnss_wins.so.2 link libreplace with rpath (bsc#1054849)
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
libdcerpc-binding0-4.4.2-38.20.1
libdcerpc-binding0-32bit-4.4.2-38.20.1
libdcerpc0-4.4.2-38.20.1
libdcerpc0-32bit-4.4.2-38.20.1
libndr-krb5pac0-4.4.2-38.20.1
libndr-krb5pac0-32bit-4.4.2-38.20.1
libndr-nbt0-4.4.2-38.20.1
libndr-nbt0-32bit-4.4.2-38.20.1
libndr-standard0-4.4.2-38.20.1
libndr-standard0-32bit-4.4.2-38.20.1
libndr0-4.4.2-38.20.1
libndr0-32bit-4.4.2-38.20.1
libnetapi0-4.4.2-38.20.1
libnetapi0-32bit-4.4.2-38.20.1
libsamba-credentials0-4.4.2-38.20.1
libsamba-credentials0-32bit-4.4.2-38.20.1
libsamba-errors0-4.4.2-38.20.1
libsamba-errors0-32bit-4.4.2-38.20.1
libsamba-hostconfig0-4.4.2-38.20.1
libsamba-hostconfig0-32bit-4.4.2-38.20.1
libsamba-passdb0-4.4.2-38.20.1
libsamba-passdb0-32bit-4.4.2-38.20.1
libsamba-util0-4.4.2-38.20.1
libsamba-util0-32bit-4.4.2-38.20.1
libsamdb0-4.4.2-38.20.1
libsamdb0-32bit-4.4.2-38.20.1
libsmbclient0-4.4.2-38.20.1
libsmbclient0-32bit-4.4.2-38.20.1
libsmbconf0-4.4.2-38.20.1
libsmbconf0-32bit-4.4.2-38.20.1
libsmbldap0-4.4.2-38.20.1
libsmbldap0-32bit-4.4.2-38.20.1
libtevent-util0-4.4.2-38.20.1
libtevent-util0-32bit-4.4.2-38.20.1
libwbclient0-4.4.2-38.20.1
libwbclient0-32bit-4.4.2-38.20.1
samba-4.4.2-38.20.1
samba-client-4.4.2-38.20.1
samba-client-32bit-4.4.2-38.20.1
samba-doc-4.4.2-38.20.1
samba-libs-4.4.2-38.20.1
samba-libs-32bit-4.4.2-38.20.1
samba-winbind-4.4.2-38.20.1
samba-winbind-32bit-4.4.2-38.20.1
Ссылки
- Link for SUSE-SU-2018:2320-2
- E-Mail link for SUSE-SU-2018:2320-2
- SUSE Security Ratings
- SUSE Bug 1054849
- SUSE Bug 1103411
- SUSE CVE CVE-2018-10858 page
Описание
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc-binding0-32bit-4.4.2-38.20.1
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc-binding0-4.4.2-38.20.1
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc0-32bit-4.4.2-38.20.1
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc0-4.4.2-38.20.1
Ссылки
- CVE-2018-10858
- SUSE Bug 1103411
- SUSE Bug 1110943