Branch sisyphus update bulletin.

Package libldb updated to version 2.0.10-alt1 for branch sisyphus in task 250772.

Published: 2003-04-08

BDU:2015-08214

Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2003-04-08

BDU:2015-08216

Severity: CRITICAL (10.0)

References:

Published: 2003-04-08

BDU:2015-08218

Severity: CRITICAL (10.0)

References:

Published: 2003-04-08

BDU:2015-08220

Severity: CRITICAL (10.0)

References:

Published: 2001-06-23
Modified: 2024-11-21

CVE-2001-1162

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

Severity: CRITICAL (10.0)

References:

Package samba updated to version 4.11.8-alt1 for branch sisyphus in task 250772.

Published: 2020-04-20

BDU:2020-04036

Уязвимость сервера LDAP пакета программ сетевого взаимодействия Samba, настроенного как контроллер домена Active Directory, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2020-10704

Published: 2020-05-04

BDU:2021-01208

Уязвимость LDAP-сервера samba AD DC, связанная с ошибками при обработке элементов управления «Paged Results» и «ASQ», позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

CVE-2020-10700

Published: 2020-05-05
Modified: 2024-11-21

CVE-2020-10700

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2020-05-06
Modified: 2024-11-21

CVE-2020-10704

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package minio updated to version 2020.04.28-alt1 for branch sisyphus in task 250804.

Published: 2020-04-24
Modified: 2024-11-21

CVE-2020-11012

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Version: 2.1.0

Branch sisyphus update on 2020-04-30

ALT-BU-2020-3788-1

ALT-PU-2020-1887-1

Closed vulnerabilities

BDU:2015-08214

BDU:2015-08216

BDU:2015-08218

BDU:2015-08220

CVE-2001-1162

ALT-PU-2020-1888-1

Closed vulnerabilities

BDU:2020-04036

BDU:2021-01208

CVE-2020-10700

CVE-2020-10704

ALT-PU-2020-1889-1

Closed vulnerabilities

CVE-2020-11012