SUSE-SU-2019:14202-1

Опубликовано: 29 окт. 2019

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issue:

CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

ldapsmb-1.34b-94.23.1

libldb1-3.6.3-94.23.1

libsmbclient0-3.6.3-94.23.1

libtalloc2-3.6.3-94.23.1

libtdb1-3.6.3-94.23.1

libtevent0-3.6.3-94.23.1

libwbclient0-3.6.3-94.23.1

samba-3.6.3-94.23.1

samba-client-3.6.3-94.23.1

samba-doc-3.6.3-94.23.1

samba-krb-printing-3.6.3-94.23.1

samba-winbind-3.6.3-94.23.1

SUSE Linux Enterprise Server 11 SP4-LTSS

ldapsmb-1.34b-94.23.1

libldb1-3.6.3-94.23.1

libsmbclient0-3.6.3-94.23.1

libsmbclient0-32bit-3.6.3-94.23.1

libtalloc2-3.6.3-94.23.1

libtalloc2-32bit-3.6.3-94.23.1

libtdb1-3.6.3-94.23.1

libtdb1-32bit-3.6.3-94.23.1

libtevent0-3.6.3-94.23.1

libtevent0-32bit-3.6.3-94.23.1

libwbclient0-3.6.3-94.23.1

libwbclient0-32bit-3.6.3-94.23.1

samba-3.6.3-94.23.1

samba-32bit-3.6.3-94.23.1

samba-client-3.6.3-94.23.1

samba-client-32bit-3.6.3-94.23.1

samba-doc-3.6.3-94.23.1

samba-krb-printing-3.6.3-94.23.1

samba-winbind-3.6.3-94.23.1

samba-winbind-32bit-3.6.3-94.23.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-201914202-1/
Link for SUSE-SU-2019:14202-1
https://lists.suse.com/pipermail/sle-security-updates/2019-October/006067.html
E-Mail link for SUSE-SU-2019:14202-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1144902
SUSE Bug 1144902
https://www.suse.com/security/cve/CVE-2019-10218/
SUSE CVE CVE-2019-10218 page

Описание

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

Затронутые продукты

SUSE Linux Enterprise Point of Sale 11 SP3:ldapsmb-1.34b-94.23.1

SUSE Linux Enterprise Point of Sale 11 SP3:libldb1-3.6.3-94.23.1

SUSE Linux Enterprise Point of Sale 11 SP3:libsmbclient0-3.6.3-94.23.1

SUSE Linux Enterprise Point of Sale 11 SP3:libtalloc2-3.6.3-94.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-10218.html
CVE-2019-10218
https://bugzilla.suse.com/1144902
SUSE Bug 1144902
https://bugzilla.suse.com/1144903
SUSE Bug 1144903

SUSE-SU-2019:14202-1

Описание

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

SUSE Linux Enterprise Server 11 SP4-LTSS

Ссылки

Уязвимость: CVE-2019-10218

Описание

Затронутые продукты

Ссылки