ALT-BU-2015-2319-1
Branch p7 update bulletin.
Closed vulnerabilities
BDU:2015-10377
Vulnerability in the _netr_ServerPasswordSet function of the Samba networking software suite that allows an attacker to execute arbitrary code with administrator privileges
BDU:2016-00900
Vulnerability in the Samba file system that allows an attacker to obtain confidential information or cause a denial of service
BDU:2021-01296
Information disclosure vulnerability in the libldb library of the Samba networking software suite that allows an attacker to gain access to confidential data
BDU:2021-01299
Vulnerability in the ldb_wildcard_compare function of the Samba networking software suite, caused by an error in number handling, that allows an attacker to cause a denial of service
BDU:2021-01300
Vulnerability in the Active Directory Domain Controller (AD DC) configuration of the Samba networking software suite, caused by deficiencies in privilege control and access control mechanisms, that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Modified: 2024-11-21
CVE-2014-8143
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
- openSUSE-SU-2015:0375
- openSUSE-SU-2016:1064
- 62594
- 72278
- 1031615
- SSA:2015-020-01
- USN-2481-1
- https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch
- https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch
- samba-cve20148143-priv-esc(100596)
- https://www.samba.org/samba/security/CVE-2014-8143
Modified: 2024-11-21
CVE-2015-0240
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
- http://advisories.mageia.org/MGASA-2015-0084.html
- SUSE-SU-2015:0353
- SUSE-SU-2015:0371
- openSUSE-SU-2015:0375
- SUSE-SU-2015:0386
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- HPSBGN03288
- SSRT101979
- HPSBUX03320
- SSRT101952
- RHSA-2015:0249
- RHSA-2015:0250
- RHSA-2015:0251
- RHSA-2015:0252
- RHSA-2015:0253
- RHSA-2015:0254
- RHSA-2015:0255
- RHSA-2015:0256
- RHSA-2015:0257
- GLSA-201502-15
- DSA-3171
- MDVSA-2015:081
- MDVSA-2015:082
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- 72711
- 1031783
- SSA:2015-064-01
- USN-2508-1
- https://access.redhat.com/articles/1346913
- https://bugzilla.redhat.com/show_bug.cgi?id=1191325
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
- https://support.lenovo.com/product_security/samba_remote_vuln
- https://support.lenovo.com/us/en/product_security/samba_remote_vuln
- 36741
- https://www.samba.org/samba/security/CVE-2015-0240
Modified: 2024-11-21
CVE-2015-3223
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
- FEDORA-2015-b36076d32e
- FEDORA-2015-0e0879cc8a
- SUSE-SU-2015:2304
- SUSE-SU-2015:2305
- openSUSE-SU-2015:2354
- openSUSE-SU-2015:2356
- openSUSE-SU-2016:1064
- DSA-3433
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 79731
- 1034493
- USN-2855-1
- USN-2855-2
- USN-2856-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1290287
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ec504dbf69636a554add1f3d5703dd6c3ad450b8
- GLSA-201612-47
- https://www.samba.org/samba/security/CVE-2015-3223.html
Modified: 2024-11-21
CVE-2015-5330
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.
- SUSE-SU-2015:2304
- SUSE-SU-2015:2305
- openSUSE-SU-2015:2354
- openSUSE-SU-2015:2356
- SUSE-SU-2016:0032
- SUSE-SU-2016:0164
- openSUSE-SU-2016:1064
- openSUSE-SU-2016:1106
- openSUSE-SU-2016:1107
- DSA-3433
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 79734
- 1034493
- USN-2855-1
- USN-2855-2
- USN-2856-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1281326
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=0454b95657846fcecf0f51b6f1194faac02518bd
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=538d305de91e34a2938f5f219f18bf0e1918763f
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a118d4220ed85749c07fb43c1229d9e2fecbea6b
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ba5dbda6d0174a59d221c45cca52ecd232820d48
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=f36cb71c330a52106e36028b3029d952257baf15
- GLSA-201612-47
- https://www.samba.org/samba/security/CVE-2015-5330.html
Modified: 2024-11-21
CVE-2016-0771
The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.
- openSUSE-SU-2016:0813
- DSA-3514
- 84273
- 1035219
- USN-2922-1
- https://bugzilla.samba.org/show_bug.cgi?id=11128
- https://bugzilla.samba.org/show_bug.cgi?id=11686
- https://www.samba.org/samba/security/CVE-2016-0771.html
Package virtualbox updated to version 4.3.22-alt0.M70P.1 for branch p7 in task 140792.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-6588
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2014-6589
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2014-6590
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2014-6595
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2015-0427
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.
- openSUSE-SU-2015:0229
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72216
- oracle-cpujan2015-cve20150427(100181)
- GLSA-201612-27
Closed bugs
It would be good to update the version
Package kernel-modules-virtualbox-std-def updated to version 4.3.22-alt1.200225.1 for branch p7 in task 140792.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-6588
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2014-6589
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2014-6590
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2014-6595
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2015-0427
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.
- openSUSE-SU-2015:0229
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72216
- oracle-cpujan2015-cve20150427(100181)
- GLSA-201612-27
Package kernel-modules-virtualbox-addition-std-def updated to version 4.3.22-alt1.200225.1 for branch p7 in task 140792.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-6588
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2014-6589
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2014-6590
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2014-6595
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.
Modified: 2024-11-21
CVE-2015-0427
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.
- openSUSE-SU-2015:0229
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72216
- oracle-cpujan2015-cve20150427(100181)
- GLSA-201612-27
Package alterator-auth updated to version 0.26-alt1 for branch p7 in task 140979.
Closed bugs
Detach slappasswd from the server
Grammar