Branch p9 update bulletin.

Package libldb updated to version 2.0.12-alt2 for branch p9 in task 255267.

Published: 2015-04-28
Modified: 2024-07-05

BDU:2015-04793

Уязвимость операционной системы openSUSE, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-07553

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-07575

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-07580

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-07588

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08214

Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08215

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08216

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08217

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08218

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08219

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08220

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08221

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09613

Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2003-03-31
Modified: 2025-04-03

CVE-2003-0085

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2003-03-31
Modified: 2025-04-03

CVE-2003-0086

The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.

Severity: LOW (1.2) Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

References:

Published: 2003-05-05
Modified: 2025-04-03

CVE-2003-0196

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2003-05-05
Modified: 2025-04-03

CVE-2003-0201

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2005-01-10
Modified: 2025-04-03

CVE-2004-1154

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2007-12-13
Modified: 2025-04-09

CVE-2007-6015

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Package samba updated to version 4.11.11-alt1 for branch p9 in task 255267.

Published: 2021-03-30
Modified: 2025-01-29

BDU:2021-01740

Уязвимость AD DC пакета программ сетевого взаимодействия Samba, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2020-14303

Published: 2021-03-30
Modified: 2024-04-17

BDU:2021-01741

Уязвимость пакета программ сетевого взаимодействия Samba, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2020-10745

Published: 2021-03-30
Modified: 2024-04-17

BDU:2021-01765

Уязвимость LDAP-сервера пакета программ сетевого взаимодействия Samba, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

CVE-2020-10760

Published: 2021-03-30
Modified: 2023-11-21

BDU:2021-01766

Уязвимость LDAP-сервера пакета программ сетевого взаимодействия Samba, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

CVE-2020-10730

Published: 2021-03-30
Modified: 2023-11-21

BDU:2021-01768

Уязвимость пакета программ сетевого взаимодействия Samba, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

CVE-2020-10730

Published: 2020-07-07
Modified: 2024-11-21

CVE-2020-10730

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-07-07
Modified: 2024-11-21

CVE-2020-10745

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-07-06
Modified: 2024-11-21

CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2020-07-06
Modified: 2024-11-21

CVE-2020-14303

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Исправить зависимость на glusterfs

Package mrtg updated to version 2.17.7-alt1 for branch p9 in task 255325.

Просьба мантейнеру пакета собрать новую версию

Version: 2.1.2

Branch p9 update on 2020-07-31

ALT-BU-2020-3949-1

ALT-PU-2020-2475-1

Closed vulnerabilities

BDU:2015-04793

BDU:2015-07553

BDU:2015-07575

BDU:2015-07580

BDU:2015-07588

BDU:2015-08214

BDU:2015-08215

BDU:2015-08216

BDU:2015-08217

BDU:2015-08218

BDU:2015-08219

BDU:2015-08220

BDU:2015-08221

BDU:2015-09613

CVE-2003-0085

CVE-2003-0086

CVE-2003-0196

CVE-2003-0201

CVE-2004-1154

CVE-2007-6015

ALT-PU-2020-2476-1

Closed vulnerabilities

BDU:2021-01740

BDU:2021-01741

BDU:2021-01765

BDU:2021-01766

BDU:2021-01768

CVE-2020-10730

CVE-2020-10745

CVE-2020-10760

CVE-2020-14303

Closed bugs

Bug #38038

ALT-PU-2020-2480-1

Closed bugs

Bug #38128