SUSE-SU-2019:2875-1

Опубликовано: 31 окт. 2019

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902).

Список пакетов

SUSE Linux Enterprise High Availability Extension 12 SP1

ctdb-4.2.4-28.36.1

SUSE Linux Enterprise Server 12 SP1-LTSS

ctdb-4.2.4-28.36.1

libdcerpc-binding0-4.2.4-28.36.1

libdcerpc-binding0-32bit-4.2.4-28.36.1

libdcerpc0-4.2.4-28.36.1

libdcerpc0-32bit-4.2.4-28.36.1

libgensec0-4.2.4-28.36.1

libgensec0-32bit-4.2.4-28.36.1

libndr-krb5pac0-4.2.4-28.36.1

libndr-krb5pac0-32bit-4.2.4-28.36.1

libndr-nbt0-4.2.4-28.36.1

libndr-nbt0-32bit-4.2.4-28.36.1

libndr-standard0-4.2.4-28.36.1

libndr-standard0-32bit-4.2.4-28.36.1

libndr0-4.2.4-28.36.1

libndr0-32bit-4.2.4-28.36.1

libnetapi0-4.2.4-28.36.1

libnetapi0-32bit-4.2.4-28.36.1

libregistry0-4.2.4-28.36.1

libsamba-credentials0-4.2.4-28.36.1

libsamba-credentials0-32bit-4.2.4-28.36.1

libsamba-hostconfig0-4.2.4-28.36.1

libsamba-hostconfig0-32bit-4.2.4-28.36.1

libsamba-passdb0-4.2.4-28.36.1

libsamba-passdb0-32bit-4.2.4-28.36.1

libsamba-util0-4.2.4-28.36.1

libsamba-util0-32bit-4.2.4-28.36.1

libsamdb0-4.2.4-28.36.1

libsamdb0-32bit-4.2.4-28.36.1

libsmbclient-raw0-4.2.4-28.36.1

libsmbclient-raw0-32bit-4.2.4-28.36.1

libsmbclient0-4.2.4-28.36.1

libsmbclient0-32bit-4.2.4-28.36.1

libsmbconf0-4.2.4-28.36.1

libsmbconf0-32bit-4.2.4-28.36.1

libsmbldap0-4.2.4-28.36.1

libsmbldap0-32bit-4.2.4-28.36.1

libtevent-util0-4.2.4-28.36.1

libtevent-util0-32bit-4.2.4-28.36.1

libwbclient0-4.2.4-28.36.1

libwbclient0-32bit-4.2.4-28.36.1

samba-4.2.4-28.36.1

samba-32bit-4.2.4-28.36.1

samba-client-4.2.4-28.36.1

samba-client-32bit-4.2.4-28.36.1

samba-doc-4.2.4-28.36.1

samba-libs-4.2.4-28.36.1

samba-libs-32bit-4.2.4-28.36.1

samba-winbind-4.2.4-28.36.1

samba-winbind-32bit-4.2.4-28.36.1

SUSE Linux Enterprise Server 12 SP2-BCL

libdcerpc-atsvc0-4.2.4-28.36.1

SUSE Linux Enterprise Server 12 SP2-LTSS

libdcerpc-atsvc0-4.2.4-28.36.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

ctdb-4.2.4-28.36.1

libdcerpc-binding0-4.2.4-28.36.1

libdcerpc-binding0-32bit-4.2.4-28.36.1

libdcerpc0-4.2.4-28.36.1

libdcerpc0-32bit-4.2.4-28.36.1

libgensec0-4.2.4-28.36.1

libgensec0-32bit-4.2.4-28.36.1

libndr-krb5pac0-4.2.4-28.36.1

libndr-krb5pac0-32bit-4.2.4-28.36.1

libndr-nbt0-4.2.4-28.36.1

libndr-nbt0-32bit-4.2.4-28.36.1

libndr-standard0-4.2.4-28.36.1

libndr-standard0-32bit-4.2.4-28.36.1

libndr0-4.2.4-28.36.1

libndr0-32bit-4.2.4-28.36.1

libnetapi0-4.2.4-28.36.1

libnetapi0-32bit-4.2.4-28.36.1

libregistry0-4.2.4-28.36.1

libsamba-credentials0-4.2.4-28.36.1

libsamba-credentials0-32bit-4.2.4-28.36.1

libsamba-hostconfig0-4.2.4-28.36.1

libsamba-hostconfig0-32bit-4.2.4-28.36.1

libsamba-passdb0-4.2.4-28.36.1

libsamba-passdb0-32bit-4.2.4-28.36.1

libsamba-util0-4.2.4-28.36.1

libsamba-util0-32bit-4.2.4-28.36.1

libsamdb0-4.2.4-28.36.1

libsamdb0-32bit-4.2.4-28.36.1

libsmbclient-raw0-4.2.4-28.36.1

libsmbclient-raw0-32bit-4.2.4-28.36.1

libsmbclient0-4.2.4-28.36.1

libsmbclient0-32bit-4.2.4-28.36.1

libsmbconf0-4.2.4-28.36.1

libsmbconf0-32bit-4.2.4-28.36.1

libsmbldap0-4.2.4-28.36.1

libsmbldap0-32bit-4.2.4-28.36.1

libtevent-util0-4.2.4-28.36.1

libtevent-util0-32bit-4.2.4-28.36.1

libwbclient0-4.2.4-28.36.1

libwbclient0-32bit-4.2.4-28.36.1

samba-4.2.4-28.36.1

samba-32bit-4.2.4-28.36.1

samba-client-4.2.4-28.36.1

samba-client-32bit-4.2.4-28.36.1

samba-doc-4.2.4-28.36.1

samba-libs-4.2.4-28.36.1

samba-libs-32bit-4.2.4-28.36.1

samba-winbind-4.2.4-28.36.1

samba-winbind-32bit-4.2.4-28.36.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

libdcerpc-atsvc0-4.2.4-28.36.1

SUSE OpenStack Cloud 7

libdcerpc-atsvc0-4.2.4-28.36.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20192875-1/
Link for SUSE-SU-2019:2875-1
https://www.suse.com/support/update/announcement/2019/suse-su-20192875-1.html
E-Mail link for SUSE-SU-2019:2875-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1144902
SUSE Bug 1144902
https://www.suse.com/security/cve/CVE-2019-10218/
SUSE CVE CVE-2019-10218 page

Описание

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

Затронутые продукты

SUSE Linux Enterprise High Availability Extension 12 SP1:ctdb-4.2.4-28.36.1

SUSE Linux Enterprise Server 12 SP1-LTSS:ctdb-4.2.4-28.36.1

SUSE Linux Enterprise Server 12 SP1-LTSS:libdcerpc-binding0-32bit-4.2.4-28.36.1

SUSE Linux Enterprise Server 12 SP1-LTSS:libdcerpc-binding0-4.2.4-28.36.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-10218.html
CVE-2019-10218
https://bugzilla.suse.com/1144902
SUSE Bug 1144902
https://bugzilla.suse.com/1144903
SUSE Bug 1144903

SUSE-SU-2019:2875-1

Описание

Список пакетов

SUSE Linux Enterprise High Availability Extension 12 SP1

SUSE Linux Enterprise Server 12 SP1-LTSS

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE OpenStack Cloud 7

Ссылки

Уязвимость: CVE-2019-10218

Описание

Затронутые продукты

Ссылки