SUSE 10: 2013:0519-1 Important: Samba CSRF & Clickjacking Risks

March 22, 2013
Recent developments reveal critical Samba vulnerabilities in SUSE Linux, including remote code execution and data leakage documented in several CVEs.
An update that solves two vulnerabilities and has 6 fixes is now...

Summary

The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 was affected by a cross-site request forgery; CVE-2013-0214; (bnc#799641).

The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 could possibly be used in clickjacking attacks; CVE-2013-0213; (bnc#800982).

Also the following bugs have been fixed:

* Don't clutter the spec file diff view; (bnc#783384).
* s3: Fix uninitialized memory read in talloc_free(); (bnc#764577).
* Attempt to use samlogon validation level 6; (bso#7945); (bnc#741623).
* Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731).
* Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR lsa errors; (bso#7944); (bnc#755663).
* Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.

Security Issue references:

* CVE-2013-0213

References

#499233 #741623 #755663 #759731 #764577 #783384 #799641 #800982

Cross-References: CVE-2013-0213 CVE-2013-0214

Affected Products:

SUSE Linux Enterprise Server 10 GPLv3 Extras

https://www.suse.com/security/cve/CVE-2013-0213.html

https://www.suse.com/security/cve/CVE-2013-0214.html

Severity
important

Announcement ID: SUSE-SU-2013:0519-1
Rating: important
