
openSUSE Leap 42.1: 2015:2354-1 Important: Samba LDB Exploit Fixes

openSUSE, December 24, 2015
Important openSUSE update addresses several security flaws in ldb, samba, talloc, tdb, and tevent. Act promptly.
An update that solves 6 vulnerabilities and has three fixes ...

Description

This update for ldb, samba, talloc, tdb, tevent fixes the following security issues and bugs:

The Samba LDB was updated to version 1.1.24:

- Fix ldap \00 search expression attack dos; CVE-2015-3223; (bso#11325)

- Fix remote read memory exploit in ldb; CVE-2015-5330; (bso#11599)

- Move ldb_(un)pack_data into ldb_module.h for testing

- Fix installation of _ldb_text.py

- Fix propagation of ldb errors through tdb

- Fix bug triggered by having an empty message in database during search

Samba was updated to fix these issues:

- Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581).

- Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586).

- Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582).

- No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296;...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2015-943=1

To bring your system up-to-date, use "zypper patch".
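
One way to confirm the update landed, as an added example that is not part of the openSUSE advisory: the script compares an installed-package inventory against the fixed builds named in the package list (ldb 1.1.24-7.1, samba libraries 4.2.4-9.2). The input format, the function names and the sample inventory are assumptions made for illustration, and `sort -V` only approximates rpm's own version comparison.

```shell
#!/bin/sh
# Added example: flag packages older than the fixed builds in openSUSE-SU-2015:2354-1.
# Assumed input: one "name version-release" pair per line, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'

# Fixed builds as given in the advisory's package list.
LDB_FIXED="1.1.24-7.1"
SAMBA_FIXED="4.2.4-9.2"

# ver_lt A B: succeed when A sorts strictly before B (GNU sort -V, an
# approximation of rpm's comparison that is adequate for these version strings).
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# fixed_for NAME: print the fixed build for a package family listed in the
# advisory, or nothing when the package is not covered by this check.
fixed_for() {
    case "$1" in
        ldb-*|libldb*) echo "$LDB_FIXED" ;;
        libdcerpc*|libgensec*|libndr*|libnetapi*) echo "$SAMBA_FIXED" ;;
    esac
}

# check_packages: read the inventory on stdin, print one line per outdated package.
check_packages() {
    while read -r name ver; do
        want=$(fixed_for "$name")
        [ -n "$want" ] || continue
        if ver_lt "$ver" "$want"; then
            echo "OUTDATED $name $ver (fixed in $want)"
        fi
    done
}

# Constructed sample inventory (not output from a real host).
SAMPLE='libldb1 1.1.23-5.1
ldb-tools 1.1.24-7.1
libdcerpc0 4.2.4-6.1
libndr0 4.2.4-9.2
bash 4.3-78.1'

printf '%s\n' "$SAMPLE" | check_packages
```

On a real host, pipe the `rpm -qa` query shown in the header comment into `check_packages` after running the zypper command; no output means every covered package is at or above the fixed build.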

Package List

- openSUSE Leap 42.1 (i586 x86_64):

ldb-debugsource-1.1.24-7.1

ldb-tools-1.1.24-7.1

ldb-tools-debuginfo-1.1.24-7.1

libdcerpc-atsvc-devel-4.2.4-9.2

libdcerpc-atsvc0-4.2.4-9.2

libdcerpc-atsvc0-debuginfo-4.2.4-9.2

libdcerpc-binding0-4.2.4-9.2

libdcerpc-binding0-debuginfo-4.2.4-9.2

libdcerpc-devel-4.2.4-9.2

libdcerpc-samr-devel-4.2.4-9.2

libdcerpc-samr0-4.2.4-9.2

libdcerpc-samr0-debuginfo-4.2.4-9.2

libdcerpc0-4.2.4-9.2

libdcerpc0-debuginfo-4.2.4-9.2

libgensec-devel-4.2.4-9.2

libgensec0-4.2.4-9.2

libgensec0-debuginfo-4.2.4-9.2

libldb-devel-1.1.24-7.1

libldb1-1.1.24-7.1

libldb1-debuginfo-1.1.24-7.1

libndr-devel-4.2.4-9.2

libndr-krb5pac-devel-4.2.4-9.2

libndr-krb5pac0-4.2.4-9.2

libndr-krb5pac0-debuginfo-4.2.4-9.2

libndr-nbt-devel-4.2.4-9.2

libndr-nbt0-4.2.4-9.2

libndr-nbt0-debuginfo-4.2.4-9.2

libndr-standard-devel-4.2.4-9.2

libndr-standard0-4.2.4-9.2

libndr-standard0-debuginfo-4.2.4-9.2

libndr0-4.2.4-9.2

libndr0-debuginfo-4.2.4-9.2

libnetapi-devel-4.2.4-9.2

libnetapi0-4.2.4-9.2

libnetapi0-debuginfo-4.2.4-9.2

libregistry-devel-4...


References

https://www.suse.com/security/cve/CVE-2015-3223.html

https://www.suse.com/security/cve/CVE-2015-5252.html

https://www.suse.com/security/cve/CVE-2015-5296.html

https://www.suse.com/security/cve/CVE-2015-5299.html

https://www.suse.com/security/cve/CVE-2015-5330.html

https://www.suse.com/security/cve/CVE-2015-8467.html

https://bugzilla.suse.com/show_bug.cgi?id=949022

https://bugzilla.suse.com/show_bug.cgi?id=951660

https://bugzilla.suse.com/show_bug.cgi?id=954658

https://bugzilla.suse.com/show_bug.cgi?id=958581

https://bugzilla.suse.com/show_bug.cgi?id=958582

https://bugzilla.suse.com/show_bug.cgi?id=958583

https://bugzilla.suse.com/show_bug.cgi?id=958584

https://bugzilla.suse.com/show_bug.cgi?id=958585

https://bugzilla.suse.com/show_bug.cgi?id=958586

Severity
important

Announcement ID: openSUSE-SU-2015:2354-1
Rating: important
Affected Products: openSUSE Leap 42.1
