ALT-BU-2024-2707-1
Branch p10 update bulletin.
Closed vulnerabilities
BDU:2023-07419
A vulnerability in the Samba network interoperability software suite, related to a heap-based buffer overflow, allowing an attacker to cause a denial of service
Modified: 2025-01-22
CVE-2018-14628
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
- http://www.openwall.com/lists/oss-security/2023/11/28/4
- https://bugzilla.redhat.com/show_bug.cgi?id=1625445
- https://bugzilla.samba.org/show_bug.cgi?id=13595
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
- https://security.netapp.com/advisory/ntap-20230223-0008/
Modified: 2024-11-21
CVE-2023-5568
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
- https://access.redhat.com/security/cve/CVE-2023-5568
- RHBZ#2245174
- https://bugzilla.samba.org/show_bug.cgi?id=15491
- https://security.netapp.com/advisory/ntap-20231124-0007/
- https://www.samba.org/samba/history/samba-4.19.2.html
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-51446
GLPI is a Free Asset and IT Management Software package. When authentication is made against an LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.
- https://github.com/glpi-project/glpi/commit/58c67d78f2e3ad08264213e9aaf56eab3c9ded35
- https://github.com/glpi-project/glpi/releases/tag/10.0.12
- https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8
Modified: 2024-11-21
CVE-2024-23645
GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.
- https://github.com/glpi-project/glpi/commit/6cf265936c4f6edf7dea7c78b12e46d75b94d9b0
- https://github.com/glpi-project/glpi/commit/fc1f6da9d158933b870ff374ed3a50ae98dcef4a
- https://github.com/glpi-project/glpi/releases/tag/10.0.12
- https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x
Package netcmdplus updated to version 0.1.3-alt1 for branch p10 in task 335987.
Closed bugs
netcmdplus does not work with Samba >= 4.19