openSUSE-SU-2019:1180-1

Опубликовано: 10 апр. 2019

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

Security issue fixed:

CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

Out of bound read in ldb_wildcard_compare
Hold at most 10 outstanding paged result cookies
Put 'results_store' into a doubly linked list
Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
Abide to the load_printers parameter in smb.conf (bsc#1124223).

This update was imported from SUSE:SLE-15:Update project.

Список пакетов

openSUSE Leap 15.0

ctdb-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

ctdb-pcp-pmda-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

ctdb-tests-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

ldb-tools-1.2.4-lp150.10.1

libdcerpc-binding0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-binding0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-samr-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-samr0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-samr0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libldb-devel-1.2.4-lp150.10.1

libldb1-1.2.4-lp150.10.1

libldb1-32bit-1.2.4-lp150.10.1

libndr-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr-krb5pac-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr-krb5pac0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr-krb5pac0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr-nbt-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr-nbt0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr-nbt0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr-standard-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr-standard0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr-standard0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libndr0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libnetapi-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libnetapi0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libnetapi0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-credentials-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-credentials0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-credentials0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-errors-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-errors0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-errors0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-hostconfig-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-hostconfig0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-hostconfig0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-passdb-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-passdb0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-passdb0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-policy-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-policy0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-policy0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-util-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-util0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamba-util0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamdb-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamdb0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsamdb0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsmbclient-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsmbclient0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsmbclient0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsmbconf-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsmbconf0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsmbconf0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsmbldap-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsmbldap2-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libsmbldap2-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libtevent-util-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libtevent-util0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libtevent-util0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libwbclient-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libwbclient0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libwbclient0-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

python-ldb-1.2.4-lp150.10.1

python-ldb-32bit-1.2.4-lp150.10.1

python-ldb-devel-1.2.4-lp150.10.1

python3-ldb-1.2.4-lp150.10.1

python3-ldb-32bit-1.2.4-lp150.10.1

python3-ldb-devel-1.2.4-lp150.10.1

samba-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-ceph-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-client-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-client-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-core-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-doc-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-dsdb-modules-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-kdc-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-kdc-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-libs-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-libs-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-pidl-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-python-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-test-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-winbind-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

samba-winbind-32bit-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A3YQCPWQDOVIHYCAJA7PNFVBS6RMALBA/#A3YQCPWQDOVIHYCAJA7PNFVBS6RMALBA
E-Mail link for openSUSE-SU-2019:1180-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1114407
SUSE Bug 1114407
https://bugzilla.suse.com/1124223
SUSE Bug 1124223
https://bugzilla.suse.com/1125410
SUSE Bug 1125410
https://bugzilla.suse.com/1126377
SUSE Bug 1126377
https://bugzilla.suse.com/1131060
SUSE Bug 1131060
https://bugzilla.suse.com/1131686
SUSE Bug 1131686
https://www.suse.com/security/cve/CVE-2019-3880/
SUSE CVE CVE-2019-3880 page

Описание

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Затронутые продукты

openSUSE Leap 15.0:ctdb-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

openSUSE Leap 15.0:ctdb-pcp-pmda-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

openSUSE Leap 15.0:ctdb-tests-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

openSUSE Leap 15.0:ldb-tools-1.2.4-lp150.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-3880.html
CVE-2019-3880
https://bugzilla.suse.com/1131060
SUSE Bug 1131060
https://bugzilla.suse.com/1139519
SUSE Bug 1139519

openSUSE-SU-2019:1180-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-3880

Описание

Затронутые продукты

Ссылки