Описание
Security update for samba
This update for samba fixes the following issues:
The following security issues were fixed:
- CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741).
- CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411)
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
libdcerpc-atsvc0-4.2.4-28.29.1
Ссылки
- Link for SUSE-SU-2018:2339-2
- E-Mail link for SUSE-SU-2018:2339-2
- SUSE Security Ratings
- SUSE Bug 1081741
- SUSE Bug 1103411
- SUSE CVE CVE-2018-1050 page
- SUSE CVE CVE-2018-10858 page
Описание
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc-atsvc0-4.2.4-28.29.1
Ссылки
- CVE-2018-1050
- SUSE Bug 1081741
Описание
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc-atsvc0-4.2.4-28.29.1
Ссылки
- CVE-2018-10858
- SUSE Bug 1103411
- SUSE Bug 1110943