Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.853399 |
Kategorie: | SuSE Local Security Checks |
Titel: | openSUSE: Security Advisory for ldb, (openSUSE-SU-2020:1313-1) |
Zusammenfassung: | The remote host is missing an update for the 'ldb, '; package(s) announced via the openSUSE-SU-2020:1313-1 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'ldb, ' package(s) announced via the openSUSE-SU-2020:1313-1 advisory. Vulnerability Insight: This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined, (bso#14364), (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each, (bso#14378), (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV, (bso#14402), (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server, (bso#14417), (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name, (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode, (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr, (bso#14413). + Malicious SMB1 server can crash libsmbclient, (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit, (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(), (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly, (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid, (bso#14237). + Missing check for DMAPI offline status in async DOS attributes, (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs, (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existent paths, (bso#14316) + smbd mistakenly updates a file's write-time on close, (bso#14320). + RPC handles cannot be differentiated in source3 RPC server, (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW, (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred, (bso#14327). + Fix fruit:time machine max size on arm, (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning, (bso#14294). + ctdb: Fix a memleak, (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart, (bso#14295), (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache, (bso#14344), (bsc#1169095) + s3:libads: Fix ads_get_upn(), (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning, (bso#14294) + Starting ctdb node that was powered off hard before results in ... Description truncated. Please see the references for more information. Affected Software/OS: 'ldb, ' package(s) on openSUSE Leap 15.2. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-10700 Common Vulnerability Exposure (CVE) ID: CVE-2020-10704 Common Vulnerability Exposure (CVE) ID: CVE-2020-10730 Common Vulnerability Exposure (CVE) ID: CVE-2020-10745 Common Vulnerability Exposure (CVE) ID: CVE-2020-10760 Common Vulnerability Exposure (CVE) ID: CVE-2020-14303 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |