openSUSE-SU-2018:2396-1

Опубликовано: 17 авг. 2018

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

The following security vulnerability was fixed:

CVE-2018-10858: Fixed insufficient input validation on client directory listing in libsmbclient; (bsc#1103411);

The following other change was made:

s3: winbind: Fix 'winbind normalize names' in wb_getpwsid();
winbind: honor 'winbind use default domain' with empty domain (bsc#1087303)
winbind: do not modify credentials in NTLM passthru (bsc#1068059)
net: fix net ads keytab handling (bsc#1067700)
fix vfs_ceph flock stub

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Список пакетов

openSUSE Leap 42.3

ctdb-4.6.14+git.157.c2d53c2b191-18.1

ctdb-tests-4.6.14+git.157.c2d53c2b191-18.1

libdcerpc-binding0-4.6.14+git.157.c2d53c2b191-18.1

libdcerpc-binding0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libdcerpc-devel-4.6.14+git.157.c2d53c2b191-18.1

libdcerpc-samr-devel-4.6.14+git.157.c2d53c2b191-18.1

libdcerpc-samr0-4.6.14+git.157.c2d53c2b191-18.1

libdcerpc-samr0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libdcerpc0-4.6.14+git.157.c2d53c2b191-18.1

libdcerpc0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libndr-devel-4.6.14+git.157.c2d53c2b191-18.1

libndr-krb5pac-devel-4.6.14+git.157.c2d53c2b191-18.1

libndr-krb5pac0-4.6.14+git.157.c2d53c2b191-18.1

libndr-krb5pac0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libndr-nbt-devel-4.6.14+git.157.c2d53c2b191-18.1

libndr-nbt0-4.6.14+git.157.c2d53c2b191-18.1

libndr-nbt0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libndr-standard-devel-4.6.14+git.157.c2d53c2b191-18.1

libndr-standard0-4.6.14+git.157.c2d53c2b191-18.1

libndr-standard0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libndr0-4.6.14+git.157.c2d53c2b191-18.1

libndr0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libnetapi-devel-4.6.14+git.157.c2d53c2b191-18.1

libnetapi0-4.6.14+git.157.c2d53c2b191-18.1

libnetapi0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsamba-credentials-devel-4.6.14+git.157.c2d53c2b191-18.1

libsamba-credentials0-4.6.14+git.157.c2d53c2b191-18.1

libsamba-credentials0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsamba-errors-devel-4.6.14+git.157.c2d53c2b191-18.1

libsamba-errors0-4.6.14+git.157.c2d53c2b191-18.1

libsamba-errors0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsamba-hostconfig-devel-4.6.14+git.157.c2d53c2b191-18.1

libsamba-hostconfig0-4.6.14+git.157.c2d53c2b191-18.1

libsamba-hostconfig0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsamba-passdb-devel-4.6.14+git.157.c2d53c2b191-18.1

libsamba-passdb0-4.6.14+git.157.c2d53c2b191-18.1

libsamba-passdb0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsamba-policy-devel-4.6.14+git.157.c2d53c2b191-18.1

libsamba-policy0-4.6.14+git.157.c2d53c2b191-18.1

libsamba-policy0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsamba-util-devel-4.6.14+git.157.c2d53c2b191-18.1

libsamba-util0-4.6.14+git.157.c2d53c2b191-18.1

libsamba-util0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsamdb-devel-4.6.14+git.157.c2d53c2b191-18.1

libsamdb0-4.6.14+git.157.c2d53c2b191-18.1

libsamdb0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsmbclient-devel-4.6.14+git.157.c2d53c2b191-18.1

libsmbclient0-4.6.14+git.157.c2d53c2b191-18.1

libsmbclient0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsmbconf-devel-4.6.14+git.157.c2d53c2b191-18.1

libsmbconf0-4.6.14+git.157.c2d53c2b191-18.1

libsmbconf0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libsmbldap-devel-4.6.14+git.157.c2d53c2b191-18.1

libsmbldap0-4.6.14+git.157.c2d53c2b191-18.1

libsmbldap0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libtevent-util-devel-4.6.14+git.157.c2d53c2b191-18.1

libtevent-util0-4.6.14+git.157.c2d53c2b191-18.1

libtevent-util0-32bit-4.6.14+git.157.c2d53c2b191-18.1

libwbclient-devel-4.6.14+git.157.c2d53c2b191-18.1

libwbclient0-4.6.14+git.157.c2d53c2b191-18.1

libwbclient0-32bit-4.6.14+git.157.c2d53c2b191-18.1

samba-4.6.14+git.157.c2d53c2b191-18.1

samba-ceph-4.6.14+git.157.c2d53c2b191-18.1

samba-client-4.6.14+git.157.c2d53c2b191-18.1

samba-client-32bit-4.6.14+git.157.c2d53c2b191-18.1

samba-core-devel-4.6.14+git.157.c2d53c2b191-18.1

samba-doc-4.6.14+git.157.c2d53c2b191-18.1

samba-libs-4.6.14+git.157.c2d53c2b191-18.1

samba-libs-32bit-4.6.14+git.157.c2d53c2b191-18.1

samba-pidl-4.6.14+git.157.c2d53c2b191-18.1

samba-python-4.6.14+git.157.c2d53c2b191-18.1

samba-test-4.6.14+git.157.c2d53c2b191-18.1

samba-winbind-4.6.14+git.157.c2d53c2b191-18.1

samba-winbind-32bit-4.6.14+git.157.c2d53c2b191-18.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00056.html
E-Mail link for openSUSE-SU-2018:2396-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Затронутые продукты

openSUSE Leap 42.3:ctdb-4.6.14+git.157.c2d53c2b191-18.1

openSUSE Leap 42.3:ctdb-tests-4.6.14+git.157.c2d53c2b191-18.1

openSUSE Leap 42.3:libdcerpc-binding0-32bit-4.6.14+git.157.c2d53c2b191-18.1

openSUSE Leap 42.3:libdcerpc-binding0-4.6.14+git.157.c2d53c2b191-18.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-10858.html
CVE-2018-10858
https://bugzilla.suse.com/1103411
SUSE Bug 1103411

openSUSE-SU-2018:2396-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-10858

Описание

Затронутые продукты

Ссылки