Описание
Security update for yast2-samba-provision
This update for yast2-samba-provision fixes the following issues:
Security issue fixed:
- CVE-2018-17956: Fixed a credentials leak (bsc#1117597).
Non-Security issues fixed:
- Stop packaging docdir, it only contained the license which is now in licensedir. (bsc#1184897)
- Catch and show internal python exceptions. (bsc#1140548)
- Show a dialog with provision details or errors. (bsc#1132676)
- Add metainfo (fate#319035)
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP4
yast2-samba-provision-1.0.5-150400.9.3.3
openSUSE Leap 15.4
yast2-samba-provision-1.0.5-150400.9.3.3
Ссылки
- Link for SUSE-SU-2022:3199-1
- E-Mail link for SUSE-SU-2022:3199-1
- SUSE Security Ratings
- SUSE Bug 1117597
- SUSE Bug 1132676
- SUSE Bug 1140548
- SUSE Bug 1184897
- SUSE CVE CVE-2018-17956 page
Описание
In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP4:yast2-samba-provision-1.0.5-150400.9.3.3
openSUSE Leap 15.4:yast2-samba-provision-1.0.5-150400.9.3.3
Ссылки
- CVE-2018-17956
- SUSE Bug 1117597