Описание
Security update for samba
This update for samba fixes the following issues:
Update to samba version 4.7.11.
Security issues fixed:
- CVE-2018-14629: Fixed CNAME loops in Samba AD DC DNS server (bsc#1116319).
- CVE-2018-16841: Fixed segfault on PKINIT when mis-matching principal (bsc#1116320).
- CVE-2018-16851: Fixed NULL pointer de-reference in Samba AD DC LDAP server (bsc#1116322).
- CVE-2018-16853: Mark MIT support for the AD DC experimental (bsc#1116324).
Non-security issues fixed:
- Fixed do not take over stderr when there is no log file (bsc#1101499).
- Fixed ctdb_mutex_ceph_rados_helper deadlock; (bsc#1102230).
- Fixed ntlm authentications with 'winbind use default domain = yes'; (bsc#1068059).
- Fixed idmap_rid to have primary group other than 'Domain Users'; (bsc#1087931).
- Fixed windows domain with one way trust that was not working (bsc#1087303).
Список пакетов
SUSE Linux Enterprise High Availability Extension 15
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Package Hub 15
Ссылки
- Link for SUSE-SU-2018:4066-1
- E-Mail link for SUSE-SU-2018:4066-1
- SUSE Security Ratings
- SUSE Bug 1068059
- SUSE Bug 1087303
- SUSE Bug 1087931
- SUSE Bug 1101499
- SUSE Bug 1102230
- SUSE Bug 1116319
- SUSE Bug 1116320
- SUSE Bug 1116322
- SUSE Bug 1116324
- SUSE CVE CVE-2018-14629 page
- SUSE CVE CVE-2018-16841 page
- SUSE CVE CVE-2018-16851 page
- SUSE CVE CVE-2018-16853 page
Описание
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.
Затронутые продукты
Ссылки
- CVE-2018-14629
- SUSE Bug 1116319
Описание
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
Затронутые продукты
Ссылки
- CVE-2018-16841
- SUSE Bug 1116320
Описание
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.
Затронутые продукты
Ссылки
- CVE-2018-16851
- SUSE Bug 1116322
Описание
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.
Затронутые продукты
Ссылки
- CVE-2018-16853
- SUSE Bug 1116324