Описание
Security update for samba
This update for samba fixes the following issues:
The following security issues were fixed:
- CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741).
- CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411)
Список пакетов
SUSE Enterprise Storage 4
libdcerpc-atsvc0-4.2.4-28.29.1
SUSE Linux Enterprise High Availability Extension 12 SP1
ctdb-4.2.4-28.29.1
SUSE Linux Enterprise Server 12 SP1-LTSS
ctdb-4.2.4-28.29.1
libdcerpc-binding0-4.2.4-28.29.1
libdcerpc-binding0-32bit-4.2.4-28.29.1
libdcerpc0-4.2.4-28.29.1
libdcerpc0-32bit-4.2.4-28.29.1
libgensec0-4.2.4-28.29.1
libgensec0-32bit-4.2.4-28.29.1
libndr-krb5pac0-4.2.4-28.29.1
libndr-krb5pac0-32bit-4.2.4-28.29.1
libndr-nbt0-4.2.4-28.29.1
libndr-nbt0-32bit-4.2.4-28.29.1
libndr-standard0-4.2.4-28.29.1
libndr-standard0-32bit-4.2.4-28.29.1
libndr0-4.2.4-28.29.1
libndr0-32bit-4.2.4-28.29.1
libnetapi0-4.2.4-28.29.1
libnetapi0-32bit-4.2.4-28.29.1
libregistry0-4.2.4-28.29.1
libsamba-credentials0-4.2.4-28.29.1
libsamba-credentials0-32bit-4.2.4-28.29.1
libsamba-hostconfig0-4.2.4-28.29.1
libsamba-hostconfig0-32bit-4.2.4-28.29.1
libsamba-passdb0-4.2.4-28.29.1
libsamba-passdb0-32bit-4.2.4-28.29.1
libsamba-util0-4.2.4-28.29.1
libsamba-util0-32bit-4.2.4-28.29.1
libsamdb0-4.2.4-28.29.1
libsamdb0-32bit-4.2.4-28.29.1
libsmbclient-raw0-4.2.4-28.29.1
libsmbclient-raw0-32bit-4.2.4-28.29.1
libsmbclient0-4.2.4-28.29.1
libsmbclient0-32bit-4.2.4-28.29.1
libsmbconf0-4.2.4-28.29.1
libsmbconf0-32bit-4.2.4-28.29.1
libsmbldap0-4.2.4-28.29.1
libsmbldap0-32bit-4.2.4-28.29.1
libtevent-util0-4.2.4-28.29.1
libtevent-util0-32bit-4.2.4-28.29.1
libwbclient0-4.2.4-28.29.1
libwbclient0-32bit-4.2.4-28.29.1
samba-4.2.4-28.29.1
samba-32bit-4.2.4-28.29.1
samba-client-4.2.4-28.29.1
samba-client-32bit-4.2.4-28.29.1
samba-doc-4.2.4-28.29.1
samba-libs-4.2.4-28.29.1
samba-libs-32bit-4.2.4-28.29.1
samba-winbind-4.2.4-28.29.1
samba-winbind-32bit-4.2.4-28.29.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libdcerpc-atsvc0-4.2.4-28.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
ctdb-4.2.4-28.29.1
libdcerpc-binding0-4.2.4-28.29.1
libdcerpc-binding0-32bit-4.2.4-28.29.1
libdcerpc0-4.2.4-28.29.1
libdcerpc0-32bit-4.2.4-28.29.1
libgensec0-4.2.4-28.29.1
libgensec0-32bit-4.2.4-28.29.1
libndr-krb5pac0-4.2.4-28.29.1
libndr-krb5pac0-32bit-4.2.4-28.29.1
libndr-nbt0-4.2.4-28.29.1
libndr-nbt0-32bit-4.2.4-28.29.1
libndr-standard0-4.2.4-28.29.1
libndr-standard0-32bit-4.2.4-28.29.1
libndr0-4.2.4-28.29.1
libndr0-32bit-4.2.4-28.29.1
libnetapi0-4.2.4-28.29.1
libnetapi0-32bit-4.2.4-28.29.1
libregistry0-4.2.4-28.29.1
libsamba-credentials0-4.2.4-28.29.1
libsamba-credentials0-32bit-4.2.4-28.29.1
libsamba-hostconfig0-4.2.4-28.29.1
libsamba-hostconfig0-32bit-4.2.4-28.29.1
libsamba-passdb0-4.2.4-28.29.1
libsamba-passdb0-32bit-4.2.4-28.29.1
libsamba-util0-4.2.4-28.29.1
libsamba-util0-32bit-4.2.4-28.29.1
libsamdb0-4.2.4-28.29.1
libsamdb0-32bit-4.2.4-28.29.1
libsmbclient-raw0-4.2.4-28.29.1
libsmbclient-raw0-32bit-4.2.4-28.29.1
libsmbclient0-4.2.4-28.29.1
libsmbclient0-32bit-4.2.4-28.29.1
libsmbconf0-4.2.4-28.29.1
libsmbconf0-32bit-4.2.4-28.29.1
libsmbldap0-4.2.4-28.29.1
libsmbldap0-32bit-4.2.4-28.29.1
libtevent-util0-4.2.4-28.29.1
libtevent-util0-32bit-4.2.4-28.29.1
libwbclient0-4.2.4-28.29.1
libwbclient0-32bit-4.2.4-28.29.1
samba-4.2.4-28.29.1
samba-32bit-4.2.4-28.29.1
samba-client-4.2.4-28.29.1
samba-client-32bit-4.2.4-28.29.1
samba-doc-4.2.4-28.29.1
samba-libs-4.2.4-28.29.1
samba-libs-32bit-4.2.4-28.29.1
samba-winbind-4.2.4-28.29.1
samba-winbind-32bit-4.2.4-28.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libdcerpc-atsvc0-4.2.4-28.29.1
SUSE OpenStack Cloud 7
libdcerpc-atsvc0-4.2.4-28.29.1
Ссылки
- Link for SUSE-SU-2018:2339-1
- E-Mail link for SUSE-SU-2018:2339-1
- SUSE Security Ratings
- SUSE Bug 1081741
- SUSE Bug 1103411
- SUSE CVE CVE-2018-1050 page
- SUSE CVE CVE-2018-10858 page
Описание
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
Затронутые продукты
SUSE Enterprise Storage 4:libdcerpc-atsvc0-4.2.4-28.29.1
SUSE Linux Enterprise High Availability Extension 12 SP1:ctdb-4.2.4-28.29.1
SUSE Linux Enterprise Server 12 SP1-LTSS:ctdb-4.2.4-28.29.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libdcerpc-binding0-32bit-4.2.4-28.29.1
Ссылки
- CVE-2018-1050
- SUSE Bug 1081741
Описание
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Затронутые продукты
SUSE Enterprise Storage 4:libdcerpc-atsvc0-4.2.4-28.29.1
SUSE Linux Enterprise High Availability Extension 12 SP1:ctdb-4.2.4-28.29.1
SUSE Linux Enterprise Server 12 SP1-LTSS:ctdb-4.2.4-28.29.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libdcerpc-binding0-32bit-4.2.4-28.29.1
Ссылки
- CVE-2018-10858
- SUSE Bug 1103411
- SUSE Bug 1110943