Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:2321-1

Опубликовано: 14 авг. 2018
Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

Security issues fixed:

  • CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741).
  • CVE-2017-14746: Fixed use-after-free vulnerability (bsc#1060427).
  • CVE-2017-15275: Fixed server heap memory information leak (bsc#1063008).
  • CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411)

Bug fixes:

  • bsc#1027593: Update 'winbind expand groups' doc in smb.conf man page.

Список пакетов

SUSE Linux Enterprise High Availability Extension 12
ctdb-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS
ctdb-4.2.4-18.49.1
libdcerpc-binding0-4.2.4-18.49.1
libdcerpc-binding0-32bit-4.2.4-18.49.1
libdcerpc0-4.2.4-18.49.1
libdcerpc0-32bit-4.2.4-18.49.1
libgensec0-4.2.4-18.49.1
libgensec0-32bit-4.2.4-18.49.1
libndr-krb5pac0-4.2.4-18.49.1
libndr-krb5pac0-32bit-4.2.4-18.49.1
libndr-nbt0-4.2.4-18.49.1
libndr-nbt0-32bit-4.2.4-18.49.1
libndr-standard0-4.2.4-18.49.1
libndr-standard0-32bit-4.2.4-18.49.1
libndr0-4.2.4-18.49.1
libndr0-32bit-4.2.4-18.49.1
libnetapi0-4.2.4-18.49.1
libnetapi0-32bit-4.2.4-18.49.1
libregistry0-4.2.4-18.49.1
libsamba-credentials0-4.2.4-18.49.1
libsamba-credentials0-32bit-4.2.4-18.49.1
libsamba-hostconfig0-4.2.4-18.49.1
libsamba-hostconfig0-32bit-4.2.4-18.49.1
libsamba-passdb0-4.2.4-18.49.1
libsamba-passdb0-32bit-4.2.4-18.49.1
libsamba-util0-4.2.4-18.49.1
libsamba-util0-32bit-4.2.4-18.49.1
libsamdb0-4.2.4-18.49.1
libsamdb0-32bit-4.2.4-18.49.1
libsmbclient-raw0-4.2.4-18.49.1
libsmbclient-raw0-32bit-4.2.4-18.49.1
libsmbclient0-4.2.4-18.49.1
libsmbclient0-32bit-4.2.4-18.49.1
libsmbconf0-4.2.4-18.49.1
libsmbconf0-32bit-4.2.4-18.49.1
libsmbldap0-4.2.4-18.49.1
libsmbldap0-32bit-4.2.4-18.49.1
libtevent-util0-4.2.4-18.49.1
libtevent-util0-32bit-4.2.4-18.49.1
libwbclient0-4.2.4-18.49.1
libwbclient0-32bit-4.2.4-18.49.1
samba-4.2.4-18.49.1
samba-32bit-4.2.4-18.49.1
samba-client-4.2.4-18.49.1
samba-client-32bit-4.2.4-18.49.1
samba-doc-4.2.4-18.49.1
samba-libs-4.2.4-18.49.1
samba-libs-32bit-4.2.4-18.49.1
samba-winbind-4.2.4-18.49.1
samba-winbind-32bit-4.2.4-18.49.1

Ссылки

Описание

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12:ctdb-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:ctdb-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-32bit-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-4.2.4-18.49.1
Ссылки

Описание

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12:ctdb-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:ctdb-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-32bit-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-4.2.4-18.49.1
Ссылки

Описание

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12:ctdb-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:ctdb-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-32bit-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-4.2.4-18.49.1
Ссылки

Описание

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12:ctdb-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:ctdb-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-32bit-4.2.4-18.49.1
SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-4.2.4-18.49.1
Ссылки
Уязвимость SUSE-SU-2018:2321-1