SUSE: 2018:2321-1 Important: Samba Denial of Service and More
suse
August 14, 2018
An update that solves four vulnerabilities and has one errata is now available
Summary
This update for samba fixes the following issues: Security issues fixed: - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2017-14746: Fixed use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Fixed server heap memory information leak (bsc#1063008). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Bug fixes: - bsc#1027593: Update 'winbind expand groups' doc in smb.conf man page. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1559=1
Topics Covered
References
#1027593 #1060427 #1063008 #1081741 #1103411
Cross- CVE-2017-14746 CVE-2017-15275 CVE-2018-1050
CVE-2018-10858
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise High Availability 12
https://www.suse.com/security/cve/CVE-2017-14746.html
https://www.suse.com/security/cve/CVE-2017-15275.html
https://www.suse.com/security/cve/CVE-2018-1050.html
https://www.suse.com/security/cve/CVE-2018-10858.html
https://bugzilla.suse.com/1027593
https://bugzilla.suse.com/1060427
https://bugzilla.suse.com/1063008
https://bugzilla.suse.com/1081741
https://bugzilla.suse.com/1103411
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2018:2321-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!