Branch c8.1 update bulletin.

Package samba updated to version 4.6.16-alt1.N.M80C.1 for branch c8.1 in task 211596.

Published: 2018-08-22

BDU:2019-01639

Уязвимость программного обеспечения Samba, связанная c переполнением буфера динамической памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-10858

Published: 2018-08-22

BDU:2020-00692

Уязвимость компонента Active Directory LDAP-сервера программ сетевого взаимодействия Samba, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-10919

Published: 2018-08-22
Modified: 2024-11-21

CVE-2018-10858

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-08-22
Modified: 2024-11-21

CVE-2018-10919

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Package samba-DC updated to version 4.6.16-alt1.N.M80C.1 for branch c8.1 in task 211596.

Published: 2018-08-22

BDU:2019-01639

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-10858

Published: 2018-08-22

BDU:2020-00692

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-10919

Published: 2018-08-22
Modified: 2024-11-21

CVE-2018-10858

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-08-22
Modified: 2024-11-21

CVE-2018-10919

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Package sssd updated to version 1.16.2-alt1.N.M80C.1.1 for branch c8.1 in task 211596.

Published: 2018-07-27

BDU:2019-04067

Уязвимость функции ssedb_search_user_by_upn_res() сервиса управления доступом к удаленным каталогам и механизмам аутентификации sssd, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2017-12173

Published: 2018-07-27
Modified: 2024-11-21

CVE-2017-12173

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

sssd не перезапускается при обновлении (до sssd-1.15.3-alt1.M80P.1)

logrotate из коробки не хочет ротировать sssd логи

Version: 2.1.0

Branch c8.1 update on 2018-08-24

ALT-BU-2018-3417-1

ALT-PU-2018-2200-1

Closed vulnerabilities

BDU:2019-01639

BDU:2020-00692

CVE-2018-10858

CVE-2018-10919

ALT-PU-2018-2201-1

Closed vulnerabilities

BDU:2019-01639

BDU:2020-00692

CVE-2018-10858

CVE-2018-10919

ALT-PU-2018-2202-1

Closed vulnerabilities

BDU:2019-04067

CVE-2017-12173

Closed bugs

Bug #34054

Bug #34335