ALT-BU-2018-3128-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2021-08-19
BDU:2018-00367
Vulnerability in the Samba network interoperability software suite, related to missing input validation, allowing an attacker to cause a denial of service
Modified: 2021-08-19
BDU:2018-00368
Vulnerability in the LDAP server of the Samba network interoperability software suite, allowing an attacker to change other users' passwords
Modified: 2024-11-21
CVE-2018-1050
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
- http://www.securityfocus.com/bid/103387
- http://www.securitytracker.com/id/1040493
- https://access.redhat.com/errata/RHSA-2018:1860
- https://access.redhat.com/errata/RHSA-2018:1883
- https://access.redhat.com/errata/RHSA-2018:2612
- https://access.redhat.com/errata/RHSA-2018:2613
- https://access.redhat.com/errata/RHSA-2018:3056
- https://bugzilla.redhat.com/show_bug.cgi?id=1538771
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us
- https://usn.ubuntu.com/3595-1/
- https://usn.ubuntu.com/3595-2/
- https://www.debian.org/security/2018/dsa-4135
- https://www.samba.org/samba/security/CVE-2018-1050.html
Modified: 2024-11-21
CVE-2018-1057
On a Samba 4 AD DC, the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (e.g. Domain Controllers).
- http://www.securityfocus.com/bid/103382
- http://www.securitytracker.com/id/1040494
- https://bugzilla.redhat.com/show_bug.cgi?id=1553553
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://usn.ubuntu.com/3595-1/
- https://www.debian.org/security/2018/dsa-4135
- https://www.samba.org/samba/security/CVE-2018-1057.html
- https://www.synology.com/support/security/Synology_SA_18_08
Closed vulnerabilities
Modified: 2021-03-23
BDU:2019-02469
Vulnerability in the systemd-tmpfiles component of the systemd daemon, allowing an attacker to gain access to arbitrary files
Modified: 2025-06-09
CVE-2018-6954
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html
- https://github.com/systemd/systemd/issues/7986
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://usn.ubuntu.com/3816-1/
- https://usn.ubuntu.com/3816-2/