SUSE-SU-2019:14042-1

Published: 10 May 2019
Source: suse-cvrf

Description

Security update for samba

This update for samba fixes the following issues:

Security issue fixed:

  • CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

Non-security issue fixed:

  • Make init scripts create log directories before running daemons (bsc#1101499)

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
ldapsmb-1.34b-94.19.2
libldb1-3.6.3-94.19.2
libsmbclient0-3.6.3-94.19.2
libtalloc2-3.6.3-94.19.2
libtdb1-3.6.3-94.19.2
libtevent0-3.6.3-94.19.2
libwbclient0-3.6.3-94.19.2
samba-3.6.3-94.19.2
samba-client-3.6.3-94.19.2
samba-doc-3.6.3-94.19.2
samba-krb-printing-3.6.3-94.19.2
samba-winbind-3.6.3-94.19.2
SUSE Linux Enterprise Server 11 SP4-LTSS
ldapsmb-1.34b-94.19.2
libldb1-3.6.3-94.19.2
libsmbclient0-3.6.3-94.19.2
libsmbclient0-32bit-3.6.3-94.19.2
libtalloc2-3.6.3-94.19.2
libtalloc2-32bit-3.6.3-94.19.2
libtdb1-3.6.3-94.19.2
libtdb1-32bit-3.6.3-94.19.2
libtevent0-3.6.3-94.19.2
libtevent0-32bit-3.6.3-94.19.2
libwbclient0-3.6.3-94.19.2
libwbclient0-32bit-3.6.3-94.19.2
samba-3.6.3-94.19.2
samba-32bit-3.6.3-94.19.2
samba-client-3.6.3-94.19.2
samba-client-32bit-3.6.3-94.19.2
samba-doc-3.6.3-94.19.2
samba-krb-printing-3.6.3-94.19.2
samba-winbind-3.6.3-94.19.2
samba-winbind-32bit-3.6.3-94.19.2

Description

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ldapsmb-1.34b-94.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:libldb1-3.6.3-94.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:libsmbclient0-3.6.3-94.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:libtalloc2-3.6.3-94.19.2

References