Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

openSUSE: 2019:2442-1 Critical Update for Samba Security Issues

opensuse
Calendar Grey November 5, 2019
Dist Opensuse Esm H88
openSUSE Security Update: Security update for samba ________________________________________________
An update that solves three vulnerabilities and has two fixes is now available.

Description

This update for provides the following fixes:

Following security issues were fixed:

- CVE-2019-14847: User with "get changes" permission could have crashed AD

DC LDAP server via dirsync (bsc#1154598).

- CVE-2019-10218: Client code could have returned filenames containing

path separators (bsc#1144902).

- CVE-2019-14833: Accent with "check script password" where Samba AD DC

check password script did not receive the full password (bsc#1154289).

Also following non-security issues were fixed:

- Fix auth problems when printing via smbspool backend with kerberos.

(bsc#1148539)

- Fix broken username/password authentication with CUPS and smbspool.

(bsc#1152143)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2442=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

ctdb-4.9.5+git.210.ab0549acb05-lp151.2.9.1

ctdb-debuginfo-4.9.5+git.210.ab0549acb05-lp151.2.9.1

ctdb-pcp-pmda-4.9.5+git.210.ab0549acb05-lp151.2.9.1

ctdb-pcp-pmda-debuginfo-4.9.5+git.210.ab0549acb05-lp151.2.9.1

ctdb-tests-4.9.5+git.210.ab0549acb05-lp151.2.9.1

ctdb-tests-debuginfo-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libdcerpc-binding0-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libdcerpc-binding0-debuginfo-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libdcerpc-devel-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libdcerpc-samr-devel-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libdcerpc-samr0-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libdcerpc-samr0-debuginfo-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libdcerpc0-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libdcerpc0-debuginfo-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libndr-devel-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libndr-krb5pac-devel-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libndr-krb5pac0-4.9.5+git.210.ab0549acb05-lp151.2.9.1

libndr-krb5pac0-debuginfo-4.9.5+git.2...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2019-10218.html

https://www.suse.com/security/cve/CVE-2019-14833.html

https://www.suse.com/security/cve/CVE-2019-14847.html

https://bugzilla.suse.com/1144902

https://bugzilla.suse.com/1148539

https://bugzilla.suse.com/1152143

https://bugzilla.suse.com/1154289

https://bugzilla.suse.com/1154598

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:2442-1
Rating: important
Affected Products: openSUSE Leap 15.1 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.