Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

openSUSE 13.1/13.2: 2015:0375-1 Important: Samba Privilege Escalation

opensuse
Calendar Grey February 25, 2015
Dist Opensuse Esm H88
Significant samba security patch released for openSUSE tackling privilege elevation and program vulnerabilities with crucial evaluations.
An update that fixes two vulnerabilities is now available.

Description

samba was updated to fix two security issues.

These security issues were fixed:

- CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized

pointer (bnc#917376).

- CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x

before 4.2rc4, when an Active Directory Domain Controller (AD DC) is

configured, allowed remote authenticated users to set the LDB

userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain

privileges, by leveraging delegation of authority for user-account or

computer-account creation (bnc#914279).

Several non-security issues were fixed, please refer to the changes file.

Topics%20covered

Topics Covered

security advisory software update privilege escalation samba security fix important openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-179=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-179=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

libdcerpc-atsvc-devel-4.1.17-5.1

libdcerpc-atsvc0-4.1.17-5.1

libdcerpc-atsvc0-debuginfo-4.1.17-5.1

libdcerpc-binding0-4.1.17-5.1

libdcerpc-binding0-debuginfo-4.1.17-5.1

libdcerpc-devel-4.1.17-5.1

libdcerpc-samr-devel-4.1.17-5.1

libdcerpc-samr0-4.1.17-5.1

libdcerpc-samr0-debuginfo-4.1.17-5.1

libdcerpc0-4.1.17-5.1

libdcerpc0-debuginfo-4.1.17-5.1

libgensec-devel-4.1.17-5.1

libgensec0-4.1.17-5.1

libgensec0-debuginfo-4.1.17-5.1

libndr-devel-4.1.17-5.1

libndr-krb5pac-devel-4.1.17-5.1

libndr-krb5pac0-4.1.17-5.1

libndr-krb5pac0-debuginfo-4.1.17-5.1

libndr-nbt-devel-4.1.17-5.1

libndr-nbt0-4.1.17-5.1

libndr-nbt0-debuginfo-4.1.17-5.1

libndr-standard-devel-4.1.17-5.1

libndr-standard0-4.1.17-5.1

libndr-standard0-debuginfo-4.1.17-5.1

libndr0-4.1.17-5.1

libndr0-debuginfo-4.1.17-5.1

libnetapi-devel-4.1.17-5.1

libnetapi0-4.1.17-5.1

libnetapi0-debuginfo-4.1.17-5.1

libpdb-devel-4.1.17-5.1

libpdb0-4.1.17-5.1

libpdb0-debuginfo-4.1.17-5.1

libregistry-devel-4.1.17-5.1

libregistry0-4.1.17-5.1

libregistry0-debugin...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2014-8143.html

https://www.suse.com/security/cve/CVE-2015-0240.html

https://bugzilla.suse.com/914279

https://bugzilla.suse.com/917376

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2015:0375-1
Rating: important
Affected Products: openSUSE 13.2 openSUSE 13.1

Topics%20covered

Topics Covered

security advisory software update privilege escalation samba security fix important openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here