Описание
Security update for samba
This update for samba fixes several issues.
These security issues were fixed:
- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624)
- CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622)
- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565)
The following non-security issue was fixed:
- Fix GUID string format on GetPrinter info request. (bsc#1050707)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Список пакетов
openSUSE Leap 42.3
ctdb-4.6.7+git.51.327af8d0a11-6.1
ctdb-tests-4.6.7+git.51.327af8d0a11-6.1
libdcerpc-binding0-4.6.7+git.51.327af8d0a11-6.1
libdcerpc-binding0-32bit-4.6.7+git.51.327af8d0a11-6.1
libdcerpc-devel-4.6.7+git.51.327af8d0a11-6.1
libdcerpc-samr-devel-4.6.7+git.51.327af8d0a11-6.1
libdcerpc-samr0-4.6.7+git.51.327af8d0a11-6.1
libdcerpc-samr0-32bit-4.6.7+git.51.327af8d0a11-6.1
libdcerpc0-4.6.7+git.51.327af8d0a11-6.1
libdcerpc0-32bit-4.6.7+git.51.327af8d0a11-6.1
libndr-devel-4.6.7+git.51.327af8d0a11-6.1
libndr-krb5pac-devel-4.6.7+git.51.327af8d0a11-6.1
libndr-krb5pac0-4.6.7+git.51.327af8d0a11-6.1
libndr-krb5pac0-32bit-4.6.7+git.51.327af8d0a11-6.1
libndr-nbt-devel-4.6.7+git.51.327af8d0a11-6.1
libndr-nbt0-4.6.7+git.51.327af8d0a11-6.1
libndr-nbt0-32bit-4.6.7+git.51.327af8d0a11-6.1
libndr-standard-devel-4.6.7+git.51.327af8d0a11-6.1
libndr-standard0-4.6.7+git.51.327af8d0a11-6.1
libndr-standard0-32bit-4.6.7+git.51.327af8d0a11-6.1
libndr0-4.6.7+git.51.327af8d0a11-6.1
libndr0-32bit-4.6.7+git.51.327af8d0a11-6.1
libnetapi-devel-4.6.7+git.51.327af8d0a11-6.1
libnetapi0-4.6.7+git.51.327af8d0a11-6.1
libnetapi0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsamba-credentials-devel-4.6.7+git.51.327af8d0a11-6.1
libsamba-credentials0-4.6.7+git.51.327af8d0a11-6.1
libsamba-credentials0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsamba-errors-devel-4.6.7+git.51.327af8d0a11-6.1
libsamba-errors0-4.6.7+git.51.327af8d0a11-6.1
libsamba-errors0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsamba-hostconfig-devel-4.6.7+git.51.327af8d0a11-6.1
libsamba-hostconfig0-4.6.7+git.51.327af8d0a11-6.1
libsamba-hostconfig0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsamba-passdb-devel-4.6.7+git.51.327af8d0a11-6.1
libsamba-passdb0-4.6.7+git.51.327af8d0a11-6.1
libsamba-passdb0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsamba-policy-devel-4.6.7+git.51.327af8d0a11-6.1
libsamba-policy0-4.6.7+git.51.327af8d0a11-6.1
libsamba-policy0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsamba-util-devel-4.6.7+git.51.327af8d0a11-6.1
libsamba-util0-4.6.7+git.51.327af8d0a11-6.1
libsamba-util0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsamdb-devel-4.6.7+git.51.327af8d0a11-6.1
libsamdb0-4.6.7+git.51.327af8d0a11-6.1
libsamdb0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsmbclient-devel-4.6.7+git.51.327af8d0a11-6.1
libsmbclient0-4.6.7+git.51.327af8d0a11-6.1
libsmbclient0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsmbconf-devel-4.6.7+git.51.327af8d0a11-6.1
libsmbconf0-4.6.7+git.51.327af8d0a11-6.1
libsmbconf0-32bit-4.6.7+git.51.327af8d0a11-6.1
libsmbldap-devel-4.6.7+git.51.327af8d0a11-6.1
libsmbldap0-4.6.7+git.51.327af8d0a11-6.1
libsmbldap0-32bit-4.6.7+git.51.327af8d0a11-6.1
libtevent-util-devel-4.6.7+git.51.327af8d0a11-6.1
libtevent-util0-4.6.7+git.51.327af8d0a11-6.1
libtevent-util0-32bit-4.6.7+git.51.327af8d0a11-6.1
libwbclient-devel-4.6.7+git.51.327af8d0a11-6.1
libwbclient0-4.6.7+git.51.327af8d0a11-6.1
libwbclient0-32bit-4.6.7+git.51.327af8d0a11-6.1
samba-4.6.7+git.51.327af8d0a11-6.1
samba-ceph-4.6.7+git.51.327af8d0a11-6.1
samba-client-4.6.7+git.51.327af8d0a11-6.1
samba-client-32bit-4.6.7+git.51.327af8d0a11-6.1
samba-core-devel-4.6.7+git.51.327af8d0a11-6.1
samba-doc-4.6.7+git.51.327af8d0a11-6.1
samba-libs-4.6.7+git.51.327af8d0a11-6.1
samba-libs-32bit-4.6.7+git.51.327af8d0a11-6.1
samba-pidl-4.6.7+git.51.327af8d0a11-6.1
samba-python-4.6.7+git.51.327af8d0a11-6.1
samba-test-4.6.7+git.51.327af8d0a11-6.1
samba-winbind-4.6.7+git.51.327af8d0a11-6.1
samba-winbind-32bit-4.6.7+git.51.327af8d0a11-6.1
Ссылки
- E-Mail link for openSUSE-SU-2017:2706-1
- SUSE Security Ratings
Описание
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
Затронутые продукты
openSUSE Leap 42.3:ctdb-4.6.7+git.51.327af8d0a11-6.1
openSUSE Leap 42.3:ctdb-tests-4.6.7+git.51.327af8d0a11-6.1
openSUSE Leap 42.3:libdcerpc-binding0-32bit-4.6.7+git.51.327af8d0a11-6.1
openSUSE Leap 42.3:libdcerpc-binding0-4.6.7+git.51.327af8d0a11-6.1
Ссылки
- CVE-2017-12150
- SUSE Bug 1058622
Описание
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Затронутые продукты
openSUSE Leap 42.3:ctdb-4.6.7+git.51.327af8d0a11-6.1
openSUSE Leap 42.3:ctdb-tests-4.6.7+git.51.327af8d0a11-6.1
openSUSE Leap 42.3:libdcerpc-binding0-32bit-4.6.7+git.51.327af8d0a11-6.1
openSUSE Leap 42.3:libdcerpc-binding0-4.6.7+git.51.327af8d0a11-6.1
Ссылки
- CVE-2017-12151
- SUSE Bug 1058565
Описание
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
Затронутые продукты
openSUSE Leap 42.3:ctdb-4.6.7+git.51.327af8d0a11-6.1
openSUSE Leap 42.3:ctdb-tests-4.6.7+git.51.327af8d0a11-6.1
openSUSE Leap 42.3:libdcerpc-binding0-32bit-4.6.7+git.51.327af8d0a11-6.1
openSUSE Leap 42.3:libdcerpc-binding0-4.6.7+git.51.327af8d0a11-6.1
Ссылки
- CVE-2017-12163
- SUSE Bug 1058410
- SUSE Bug 1058624