openSUSE-SU-2017:2713-1

Опубликовано: 11 окт. 2017

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes several issues.

These security issues were fixed:

CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624).
CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622).
CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565).

These non-security issues were fixed:

Fixed error where short name length was read as 2 bytes, should be 1 (bsc#1042419)
Fixed GUID string format on GetPrinter to prevent published printers from disappearing 7 (bsc#1050707).
Halt endless forest trust scan to prevent winbind from running out of memory (bsc#1044084).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2

ctdb-4.4.2-11.12.1

ctdb-tests-4.4.2-11.12.1

libdcerpc-binding0-4.4.2-11.12.1

libdcerpc-binding0-32bit-4.4.2-11.12.1

libdcerpc-devel-4.4.2-11.12.1

libdcerpc-samr-devel-4.4.2-11.12.1

libdcerpc-samr0-4.4.2-11.12.1

libdcerpc-samr0-32bit-4.4.2-11.12.1

libdcerpc0-4.4.2-11.12.1

libdcerpc0-32bit-4.4.2-11.12.1

libndr-devel-4.4.2-11.12.1

libndr-krb5pac-devel-4.4.2-11.12.1

libndr-krb5pac0-4.4.2-11.12.1

libndr-krb5pac0-32bit-4.4.2-11.12.1

libndr-nbt-devel-4.4.2-11.12.1

libndr-nbt0-4.4.2-11.12.1

libndr-nbt0-32bit-4.4.2-11.12.1

libndr-standard-devel-4.4.2-11.12.1

libndr-standard0-4.4.2-11.12.1

libndr-standard0-32bit-4.4.2-11.12.1

libndr0-4.4.2-11.12.1

libndr0-32bit-4.4.2-11.12.1

libnetapi-devel-4.4.2-11.12.1

libnetapi0-4.4.2-11.12.1

libnetapi0-32bit-4.4.2-11.12.1

libsamba-credentials-devel-4.4.2-11.12.1

libsamba-credentials0-4.4.2-11.12.1

libsamba-credentials0-32bit-4.4.2-11.12.1

libsamba-errors-devel-4.4.2-11.12.1

libsamba-errors0-4.4.2-11.12.1

libsamba-errors0-32bit-4.4.2-11.12.1

libsamba-hostconfig-devel-4.4.2-11.12.1

libsamba-hostconfig0-4.4.2-11.12.1

libsamba-hostconfig0-32bit-4.4.2-11.12.1

libsamba-passdb-devel-4.4.2-11.12.1

libsamba-passdb0-4.4.2-11.12.1

libsamba-passdb0-32bit-4.4.2-11.12.1

libsamba-policy-devel-4.4.2-11.12.1

libsamba-policy0-4.4.2-11.12.1

libsamba-policy0-32bit-4.4.2-11.12.1

libsamba-util-devel-4.4.2-11.12.1

libsamba-util0-4.4.2-11.12.1

libsamba-util0-32bit-4.4.2-11.12.1

libsamdb-devel-4.4.2-11.12.1

libsamdb0-4.4.2-11.12.1

libsamdb0-32bit-4.4.2-11.12.1

libsmbclient-devel-4.4.2-11.12.1

libsmbclient0-4.4.2-11.12.1

libsmbclient0-32bit-4.4.2-11.12.1

libsmbconf-devel-4.4.2-11.12.1

libsmbconf0-4.4.2-11.12.1

libsmbconf0-32bit-4.4.2-11.12.1

libsmbldap-devel-4.4.2-11.12.1

libsmbldap0-4.4.2-11.12.1

libsmbldap0-32bit-4.4.2-11.12.1

libtevent-util-devel-4.4.2-11.12.1

libtevent-util0-4.4.2-11.12.1

libtevent-util0-32bit-4.4.2-11.12.1

libwbclient-devel-4.4.2-11.12.1

libwbclient0-4.4.2-11.12.1

libwbclient0-32bit-4.4.2-11.12.1

samba-4.4.2-11.12.1

samba-client-4.4.2-11.12.1

samba-client-32bit-4.4.2-11.12.1

samba-core-devel-4.4.2-11.12.1

samba-doc-4.4.2-11.12.1

samba-libs-4.4.2-11.12.1

samba-libs-32bit-4.4.2-11.12.1

samba-pidl-4.4.2-11.12.1

samba-python-4.4.2-11.12.1

samba-test-4.4.2-11.12.1

samba-winbind-4.4.2-11.12.1

samba-winbind-32bit-4.4.2-11.12.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-10/msg00042.html
E-Mail link for openSUSE-SU-2017:2713-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

Затронутые продукты

openSUSE Leap 42.2:ctdb-4.4.2-11.12.1

openSUSE Leap 42.2:ctdb-tests-4.4.2-11.12.1

openSUSE Leap 42.2:libdcerpc-binding0-32bit-4.4.2-11.12.1

openSUSE Leap 42.2:libdcerpc-binding0-4.4.2-11.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-12150.html
CVE-2017-12150
https://bugzilla.suse.com/1058622
SUSE Bug 1058622

Описание

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Затронутые продукты

openSUSE Leap 42.2:ctdb-4.4.2-11.12.1

openSUSE Leap 42.2:ctdb-tests-4.4.2-11.12.1

openSUSE Leap 42.2:libdcerpc-binding0-32bit-4.4.2-11.12.1

openSUSE Leap 42.2:libdcerpc-binding0-4.4.2-11.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-12151.html
CVE-2017-12151
https://bugzilla.suse.com/1058565
SUSE Bug 1058565

Описание

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Затронутые продукты

openSUSE Leap 42.2:ctdb-4.4.2-11.12.1

openSUSE Leap 42.2:ctdb-tests-4.4.2-11.12.1

openSUSE Leap 42.2:libdcerpc-binding0-32bit-4.4.2-11.12.1

openSUSE Leap 42.2:libdcerpc-binding0-4.4.2-11.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-12163.html
CVE-2017-12163
https://bugzilla.suse.com/1058410
SUSE Bug 1058410
https://bugzilla.suse.com/1058624
SUSE Bug 1058624

openSUSE-SU-2017:2713-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-12150

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-12151

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-12163

Описание

Затронутые продукты

Ссылки