ALT-BU-2020-3935-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-14039
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
- openSUSE-SU-2020:1087
- openSUSE-SU-2020:1087
- openSUSE-SU-2020:1095
- openSUSE-SU-2020:1095
- openSUSE-SU-2020:1405
- openSUSE-SU-2020:1405
- openSUSE-SU-2020:1407
- openSUSE-SU-2020:1407
- https://groups.google.com/forum/#%21forum/golang-announce
- https://groups.google.com/forum/#%21forum/golang-announce
- https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
- https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
- https://security.netapp.com/advisory/ntap-20200731-0005/
- https://security.netapp.com/advisory/ntap-20200731-0005/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
Modified: 2024-11-21
CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
- openSUSE-SU-2020:1087
- openSUSE-SU-2020:1087
- openSUSE-SU-2020:1095
- openSUSE-SU-2020:1095
- openSUSE-SU-2020:1405
- openSUSE-SU-2020:1405
- openSUSE-SU-2020:1407
- openSUSE-SU-2020:1407
- https://groups.google.com/forum/#%21topic/golang-announce/f2c5bqrGH_g
- https://groups.google.com/forum/#%21topic/golang-announce/f2c5bqrGH_g
- https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
- https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update
- FEDORA-2020-d75360e2b0
- FEDORA-2020-d75360e2b0
- FEDORA-2020-9cd1204ba0
- FEDORA-2020-9cd1204ba0
- https://security.netapp.com/advisory/ntap-20200731-0005/
- https://security.netapp.com/advisory/ntap-20200731-0005/
- https://www.cloudfoundry.org/blog/cve-2020-15586/
- https://www.cloudfoundry.org/blog/cve-2020-15586/
- DSA-4848
- DSA-4848
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
Package python3-module-proxmoxer updated to version 1.1.1-alt4 for branch sisyphus in task 255271.
Closed bugs
Зависимости прибиты гвоздями
Closed vulnerabilities
BDU:2015-04793
Уязвимость операционной системы openSUSE, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07553
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07575
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07580
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07588
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-08214
Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-08215
Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-08216
Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-08217
Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-08218
Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-08219
Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-08220
Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-08221
Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09613
Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-11-21
CVE-2003-0085
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
- 20030302-01-I
- 20030302-01-I
- 20030317 GLSA: samba (200303-11)
- 20030317 GLSA: samba (200303-11)
- 20030317 Security Bugfix for Samba - Samba 2.2.8 Released
- 20030317 Security Bugfix for Samba - Samba 2.2.8 Released
- 20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
- 20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
- 8299
- 8299
- 8303
- 8303
- DSA-262
- DSA-262
- GLSA-200303-11
- GLSA-200303-11
- VU#298233
- VU#298233
- MDKSA-2003:032
- MDKSA-2003:032
- SuSE-SA:2003:016
- SuSE-SA:2003:016
- RHSA-2003:095
- RHSA-2003:095
- RHSA-2003:096
- RHSA-2003:096
- 20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
- 20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
- APPLE-SA-2003-03-24
- APPLE-SA-2003-03-24
- 20030401 Immunix Secured OS 7+ samba update
- 20030401 Immunix Secured OS 7+ samba update
- IMNX-2003-7+-003-01
- IMNX-2003-7+-003-01
- 7106
- 7106
- oval:org.mitre.oval:def:552
- oval:org.mitre.oval:def:552
Modified: 2024-11-21
CVE-2003-0086
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
- 20030302-01-I
- 20030302-01-I
- 20030317 GLSA: samba (200303-11)
- 20030317 GLSA: samba (200303-11)
- 20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
- 20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
- 8299
- 8299
- 8303
- 8303
- DSA-262
- DSA-262
- GLSA-200303-11
- GLSA-200303-11
- MDKSA-2003:032
- MDKSA-2003:032
- SuSE-SA:2003:016
- SuSE-SA:2003:016
- RHSA-2003:095
- RHSA-2003:095
- RHSA-2003:096
- RHSA-2003:096
- 20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
- 20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
- APPLE-SA-2003-03-24
- APPLE-SA-2003-03-24
- 7107
- 7107
- oval:org.mitre.oval:def:554
- oval:org.mitre.oval:def:554
Modified: 2024-11-21
CVE-2003-0196
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
- 20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)
- 20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)
- 20030407 Immunix Secured OS 7+ samba update
- 20030407 Immunix Secured OS 7+ samba update
- DSA-280
- DSA-280
- MDKSA-2003:044
- MDKSA-2003:044
- RHSA-2003:137
- RHSA-2003:137
- oval:org.mitre.oval:def:564
- oval:org.mitre.oval:def:564
Modified: 2024-11-21
CVE-2003-0201
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
- 20030403-01-P
- 20030403-01-P
- CLA-2003:624
- CLA-2003:624
- 20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise
- 20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise
- 20030407 Immunix Secured OS 7+ samba update
- 20030407 Immunix Secured OS 7+ samba update
- 20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08
- 20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08
- 20030409 GLSA: samba (200304-02)
- 20030409 GLSA: samba (200304-02)
- DSA-280
- DSA-280
- http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
- http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
- VU#267873
- VU#267873
- MDKSA-2003:044
- MDKSA-2003:044
- SuSE-SA:2003:025
- SuSE-SA:2003:025
- RHSA-2003:137
- RHSA-2003:137
- 7294
- 7294
- oval:org.mitre.oval:def:2163
- oval:org.mitre.oval:def:2163
- oval:org.mitre.oval:def:567
- oval:org.mitre.oval:def:567
Modified: 2024-11-21
CVE-2004-1154
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
- SCOSA-2005.17
- SCOSA-2005.17
- APPLE-SA-2005-03-21
- APPLE-SA-2005-03-21
- 13453
- 13453
- 101643
- 101643
- 57730
- 57730
- DSA-701
- DSA-701
- 20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability
- 20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability
- VU#226184
- VU#226184
- SUSE-SA:2004:045
- SUSE-SA:2004:045
- RHSA-2005:020
- RHSA-2005:020
- http://www.samba.org/samba/security/CAN-2004-1154.html
- http://www.samba.org/samba/security/CAN-2004-1154.html
- 11973
- 11973
- samba-msrpc-heap-corruption(18519)
- samba-msrpc-heap-corruption(18519)
- oval:org.mitre.oval:def:10236
- oval:org.mitre.oval:def:10236
- oval:org.mitre.oval:def:1459
- oval:org.mitre.oval:def:1459
- oval:org.mitre.oval:def:642
- oval:org.mitre.oval:def:642
Modified: 2024-11-21
CVE-2007-6015
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
- http://bugs.gentoo.org/show_bug.cgi?id=200773
- http://bugs.gentoo.org/show_bug.cgi?id=200773
- http://docs.info.apple.com/article.html?artnum=307430
- http://docs.info.apple.com/article.html?artnum=307430
- APPLE-SA-2008-02-11
- APPLE-SA-2008-02-11
- [Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
- [Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
- HPSBUX02316
- HPSBUX02316
- SSRT071495
- SSRT071495
- 27760
- 27760
- 27894
- 27894
- 27977
- 27977
- 27993
- 27993
- 27999
- 27999
- 28003
- 28003
- 28028
- 28028
- 28029
- 28029
- 28037
- 28037
- 28067
- 28067
- 28089
- 28089
- 28891
- 28891
- 29032
- 29032
- 29341
- 29341
- 30484
- 30484
- 30835
- 30835
- http://secunia.com/secunia_research/2007-99/advisory/
- http://secunia.com/secunia_research/2007-99/advisory/
- GLSA-200712-10
- GLSA-200712-10
- 3438
- 3438
- SSA:2007-344-01
- SSA:2007-344-01
- 238251
- 238251
- 1019295
- 1019295
- http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
- http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
- DSA-1427
- DSA-1427
- VU#438395
- VU#438395
- MDKSA-2007:244
- MDKSA-2007:244
- SUSE-SA:2007:068
- SUSE-SA:2007:068
- RHSA-2007:1114
- RHSA-2007:1114
- RHSA-2007:1117
- RHSA-2007:1117
- http://www.samba.org/samba/security/CVE-2007-6015.html
- http://www.samba.org/samba/security/CVE-2007-6015.html
- 20071210 Secunia Research: Samba "send_mailslot()" Buffer OverflowVulnerability
- 20071210 Secunia Research: Samba "send_mailslot()" Buffer OverflowVulnerability
- 20071210 [SECURITY] Buffer overrun in send_mailslot()
- 20071210 [SECURITY] Buffer overrun in send_mailslot()
- 20071210 rPSA-2007-0261-1 samba samba-swat
- 20071210 rPSA-2007-0261-1 samba samba-swat
- 20071214 POC for samba send_mailslot()
- 20071214 POC for samba send_mailslot()
- 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
- 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
- 26791
- 26791
- 1019065
- 1019065
- USN-556-1
- USN-556-1
- TA08-043B
- TA08-043B
- ADV-2007-4153
- ADV-2007-4153
- ADV-2008-0495
- ADV-2008-0495
- ADV-2008-0637
- ADV-2008-0637
- ADV-2008-0859
- ADV-2008-0859
- ADV-2008-1712
- ADV-2008-1712
- ADV-2008-1908
- ADV-2008-1908
- HPSBUX02341
- HPSBUX02341
- SSRT080075
- SSRT080075
- samba-sendmailslot-bo(38965)
- samba-sendmailslot-bo(38965)
- https://issues.rpath.com/browse/RPL-1976
- https://issues.rpath.com/browse/RPL-1976
- oval:org.mitre.oval:def:11572
- oval:org.mitre.oval:def:11572
- oval:org.mitre.oval:def:5605
- oval:org.mitre.oval:def:5605
- FEDORA-2007-4269
- FEDORA-2007-4269
- FEDORA-2007-4275
- FEDORA-2007-4275
Closed vulnerabilities
BDU:2021-01740
Уязвимость AD DC пакета программ сетевого взаимодействия Samba, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01741
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01765
Уязвимость LDAP-сервера пакета программ сетевого взаимодействия Samba, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01766
Уязвимость LDAP-сервера пакета программ сетевого взаимодействия Samba, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01768
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-10730
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
- openSUSE-SU-2020:0984
- openSUSE-SU-2020:1023
- openSUSE-SU-2020:1121
- openSUSE-SU-2020:1313
- https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B
- [debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update
- FEDORA-2020-5131d30947
- GLSA-202007-15
- DSA-4884
- https://www.samba.org/samba/security/CVE-2020-10730.html
- openSUSE-SU-2020:0984
- https://www.samba.org/samba/security/CVE-2020-10730.html
- DSA-4884
- GLSA-202007-15
- FEDORA-2020-5131d30947
- [debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update
- https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B
- openSUSE-SU-2020:1313
- openSUSE-SU-2020:1121
- openSUSE-SU-2020:1023
Modified: 2024-11-21
CVE-2020-10745
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.
- openSUSE-SU-2020:0984
- openSUSE-SU-2020:1023
- openSUSE-SU-2020:1313
- https://bugzilla.redhat.com/show_bug.cgi?id=1849491%3B
- [debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update
- FEDORA-2020-5131d30947
- GLSA-202007-15
- https://www.samba.org/samba/security/CVE-2020-10745.html
- openSUSE-SU-2020:0984
- https://www.samba.org/samba/security/CVE-2020-10745.html
- GLSA-202007-15
- FEDORA-2020-5131d30947
- [debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update
- https://bugzilla.redhat.com/show_bug.cgi?id=1849491%3B
- openSUSE-SU-2020:1313
- openSUSE-SU-2020:1023
Modified: 2024-11-21
CVE-2020-10760
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.
- openSUSE-SU-2020:0984
- openSUSE-SU-2020:1023
- openSUSE-SU-2020:1313
- https://bugzilla.redhat.com/show_bug.cgi?id=1849509%3B
- [debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update
- FEDORA-2020-5131d30947
- GLSA-202007-15
- USN-4409-1
- https://www.samba.org/samba/security/CVE-2020-10760.html
- openSUSE-SU-2020:0984
- https://www.samba.org/samba/security/CVE-2020-10760.html
- USN-4409-1
- GLSA-202007-15
- FEDORA-2020-5131d30947
- [debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update
- https://bugzilla.redhat.com/show_bug.cgi?id=1849509%3B
- openSUSE-SU-2020:1313
- openSUSE-SU-2020:1023
Modified: 2024-11-21
CVE-2020-14303
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.
- openSUSE-SU-2020:0984
- openSUSE-SU-2020:0984
- openSUSE-SU-2020:1023
- openSUSE-SU-2020:1023
- openSUSE-SU-2020:1313
- openSUSE-SU-2020:1313
- https://bugzilla.redhat.com/show_bug.cgi?id=1851298%3B
- https://bugzilla.redhat.com/show_bug.cgi?id=1851298%3B
- [debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update
- [debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update
- FEDORA-2020-5131d30947
- FEDORA-2020-5131d30947
- GLSA-202007-15
- GLSA-202007-15
- https://security.netapp.com/advisory/ntap-20200709-0003/
- https://security.netapp.com/advisory/ntap-20200709-0003/
- USN-4454-1
- USN-4454-1
- USN-4454-2
- USN-4454-2
- https://www.samba.org/samba/security/CVE-2020-14303.html
- https://www.samba.org/samba/security/CVE-2020-14303.html
Closed bugs
Исправить зависимость на glusterfs