ALT-BU-2018-3128-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2018-00367
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с отсутствием проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2018-00368
Уязвимость сервера LDAP пакета программ сетевого взаимодействия Samba, позволяющая нарушителю изменять пароли других пользователей
Modified: 2024-11-21
CVE-2018-1050
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
- 103387
- 103387
- 1040493
- 1040493
- RHSA-2018:1860
- RHSA-2018:1860
- RHSA-2018:1883
- RHSA-2018:1883
- RHSA-2018:2612
- RHSA-2018:2612
- RHSA-2018:2613
- RHSA-2018:2613
- RHSA-2018:3056
- RHSA-2018:3056
- https://bugzilla.redhat.com/show_bug.cgi?id=1538771
- https://bugzilla.redhat.com/show_bug.cgi?id=1538771
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update
- [debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
- GLSA-201805-07
- GLSA-201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
- USN-3595-1
- USN-3595-1
- USN-3595-2
- USN-3595-2
- DSA-4135
- DSA-4135
- https://www.samba.org/samba/security/CVE-2018-1050.html
- https://www.samba.org/samba/security/CVE-2018-1050.html
Modified: 2024-11-21
CVE-2018-1057
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
- 103382
- 103382
- 1040494
- 1040494
- https://bugzilla.redhat.com/show_bug.cgi?id=1553553
- https://bugzilla.redhat.com/show_bug.cgi?id=1553553
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
- GLSA-201805-07
- GLSA-201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://security.netapp.com/advisory/ntap-20180313-0001/
- USN-3595-1
- USN-3595-1
- DSA-4135
- DSA-4135
- https://www.samba.org/samba/security/CVE-2018-1057.html
- https://www.samba.org/samba/security/CVE-2018-1057.html
- https://www.synology.com/support/security/Synology_SA_18_08
- https://www.synology.com/support/security/Synology_SA_18_08
Closed vulnerabilities
BDU:2018-00367
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с отсутствием проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2018-00368
Уязвимость сервера LDAP пакета программ сетевого взаимодействия Samba, позволяющая нарушителю изменять пароли других пользователей
Modified: 2024-11-21
CVE-2018-1050
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
- 103387
- 103387
- 1040493
- 1040493
- RHSA-2018:1860
- RHSA-2018:1860
- RHSA-2018:1883
- RHSA-2018:1883
- RHSA-2018:2612
- RHSA-2018:2612
- RHSA-2018:2613
- RHSA-2018:2613
- RHSA-2018:3056
- RHSA-2018:3056
- https://bugzilla.redhat.com/show_bug.cgi?id=1538771
- https://bugzilla.redhat.com/show_bug.cgi?id=1538771
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- [debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update
- [debian-lts-announce] 20180327 [SECURITY] [DLA 1320-1] samba security update
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
- GLSA-201805-07
- GLSA-201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
- USN-3595-1
- USN-3595-1
- USN-3595-2
- USN-3595-2
- DSA-4135
- DSA-4135
- https://www.samba.org/samba/security/CVE-2018-1050.html
- https://www.samba.org/samba/security/CVE-2018-1050.html
Modified: 2024-11-21
CVE-2018-1057
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
- 103382
- 103382
- 1040494
- 1040494
- https://bugzilla.redhat.com/show_bug.cgi?id=1553553
- https://bugzilla.redhat.com/show_bug.cgi?id=1553553
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
- [debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update
- GLSA-201805-07
- GLSA-201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://security.netapp.com/advisory/ntap-20180313-0001/
- USN-3595-1
- USN-3595-1
- DSA-4135
- DSA-4135
- https://www.samba.org/samba/security/CVE-2018-1057.html
- https://www.samba.org/samba/security/CVE-2018-1057.html
- https://www.synology.com/support/security/Synology_SA_18_08
- https://www.synology.com/support/security/Synology_SA_18_08
Closed vulnerabilities
BDU:2019-02469
Уязвимость компонента systemd-tmpfiles демона Systemd, позволяющая нарушителю получить доступ к произвольным файлам
Modified: 2024-11-21
CVE-2018-6954
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
- openSUSE-SU-2019:1450
- openSUSE-SU-2019:1450
- https://github.com/systemd/systemd/issues/7986
- https://github.com/systemd/systemd/issues/7986
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- USN-3816-1
- USN-3816-1
- USN-3816-2
- USN-3816-2