Branch sisyphus update bulletin.

Package samba updated to version 4.6.11-alt1.S1 for branch sisyphus in task 195034.

Published: 2021-03-21
Modified: 2021-03-23

BDU:2021-01422

Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, связанная с использованием области памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2017-14746

Published: 2021-03-21
Modified: 2021-03-23

BDU:2021-01435

Уязвимость пакета программ сетевого взаимодействия Samba, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

CVE-2017-15275

Published: 2017-11-27
Modified: 2025-04-20

CVE-2017-14746

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-11-27
Modified: 2025-04-20

CVE-2017-15275

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Package samba-DC updated to version 4.6.11-alt1.S1 for branch sisyphus in task 195034.

Published: 2021-03-21
Modified: 2021-03-23

BDU:2021-01422

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2017-14746

Published: 2021-03-21
Modified: 2021-03-23

BDU:2021-01435

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

CVE-2017-15275

Published: 2017-11-27
Modified: 2025-04-20

CVE-2017-14746

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-11-27
Modified: 2025-04-20

CVE-2017-15275

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Package sssd updated to version 1.15.3-alt5.S1 for branch sisyphus in task 195042.

sssd не перезапускается при обновлении (до sssd-1.15.3-alt1.M80P.1)

Version: 2.1.2

Branch sisyphus update on 2017-11-22

ALT-BU-2017-3513-1

ALT-PU-2017-2679-1

Closed vulnerabilities

BDU:2021-01422

BDU:2021-01435

CVE-2017-14746

CVE-2017-15275

ALT-PU-2017-2680-1

Closed vulnerabilities

BDU:2021-01422

BDU:2021-01435

CVE-2017-14746

CVE-2017-15275

ALT-PU-2017-2681-1

Closed bugs

Bug #34054