
Test ID: 1.3.6.1.4.1.25623.1.0.851191
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for ldb (openSUSE-SU-2015:2354-1)
Summary: The remote host is missing an update for the 'ldb' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'ldb'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for ldb, samba, talloc, tdb, tevent fixes the following
security issues and bugs:

The Samba LDB was updated to version 1.1.24:

- Fix ldap \00 search expression attack dos CVE-2015-3223 (bso#11325)

- Fix remote read memory exploit in ldb CVE-2015-5330 (bso#11599)

- Move ldb_(un)pack_data into ldb_module.h for testing

- Fix installation of _ldb_text.py

- Fix propagation of ldb errors through tdb

- Fix bug triggered by having an empty message in database during search

Samba was updated to fix these issues:

- Malicious request can cause Samba LDAP server to hang, spinning using
CPU CVE-2015-3223 (bso#11325) (bnc#958581).

- Remote read memory exploit in LDB CVE-2015-5330 (bso#11599)
(bnc#958586).

- Insufficient symlink verification (file access outside the share)
CVE-2015-5252 (bso#11395) (bnc#958582).

- No man in the middle protection when forcing smb encryption on the
client side CVE-2015-5296 (bso#11536) (bnc#958584).

- Currently the snapshot browsing is not secure through windows previous
version (shadow_copy2) CVE-2015-5299 (bso#11529) (bnc#958583).

- Fix Microsoft MS15-096 to prevent machine accounts from being changed
into user accounts CVE-2015-8467 (bso#11552) (bnc#958585).

- Changing log level of two entries from 1 to 3 (bso#9912).

- vfs_gpfs: Re-enable share modes (bso#11243).

- wafsamba: Also build libraries with RELRO protection (bso#11346).

- ctdb: Strip trailing spaces from nodes file (bso#11365).

- s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
type of zero (bso#11452).

- nss_wins: Do not run into use after free issues when we access memory
allocated on the globals and the global being reinitialized (bso#11563).

- async_req: Fix non-blocking connect() (bso#11564).

- auth: gensec: Fix a memory leak (bso#11565).

- lib: util: Make non-critical message a warning (bso#11566).

- Fix winbindd crashes with samlogon for trusted domain user (bso#11569)
(bnc#949022).

- smbd: Send SMB2 oplock breaks unencrypted (bso#11570).

- ctdb: Open the RO tracking db with perms 0600 instead of 0000
(bso#11577).

- manpage: Correct small typo error (bso#11584).

- s3: smbd: If EA's are turned off on a share don't allow an SMB2 create
containing them (bso#11589).

- Backport some valgrind fixes from upstream master (bso#11597).

- s3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle (bso#11615).

- docs: Fix some typos in the idmap config section of man 5 smb.conf
(bso#11619).

- Cleanup and enhan ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
ldb, on openSUSE Leap 42.1

Solution:
Please install the updated package(s).

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2015-3223
BugTraq ID: 79731
http://www.securityfocus.com/bid/79731
Debian Security Information: DSA-3433
http://www.debian.org/security/2016/dsa-3433
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
https://security.gentoo.org/glsa/201612-47
http://www.securitytracker.com/id/1034493
SuSE Security Announcement: SUSE-SU-2015:2304
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
SuSE Security Announcement: SUSE-SU-2015:2305
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
SuSE Security Announcement: openSUSE-SU-2015:2354
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
SuSE Security Announcement: openSUSE-SU-2015:2356
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
SuSE Security Announcement: openSUSE-SU-2016:1064
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
http://www.ubuntu.com/usn/USN-2856-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5252
BugTraq ID: 79733
http://www.securityfocus.com/bid/79733
SuSE Security Announcement: SUSE-SU-2016:0032
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
SuSE Security Announcement: SUSE-SU-2016:0164
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:1105
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html
SuSE Security Announcement: openSUSE-SU-2016:1106
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
SuSE Security Announcement: openSUSE-SU-2016:1107
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5296
BugTraq ID: 79732
http://www.securityfocus.com/bid/79732
Common Vulnerability Exposure (CVE) ID: CVE-2015-5299
BugTraq ID: 79729
http://www.securityfocus.com/bid/79729
Common Vulnerability Exposure (CVE) ID: CVE-2015-5330
BugTraq ID: 79734
http://www.securityfocus.com/bid/79734
Common Vulnerability Exposure (CVE) ID: CVE-2015-8467
BugTraq ID: 79735
http://www.securityfocus.com/bid/79735
Copyright: Copyright (C) 2016 Greenbone Networks GmbH
