Test ID: | 1.3.6.1.4.1.25623.1.0.851148 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for samba (openSUSE-SU-2015:2356-1) |
Summary: | The remote host is missing an update for the 'samba' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'samba' package(s) announced via the referenced advisory.

Vulnerability Insight: This update for ldb, samba, talloc, tdb, tevent fixes the following issues:

ldb was updated to 1.1.24.
+ Fix ldap \00 search expression attack dos CVE-2015-3223 (bso#11325)
+ Fix remote read memory exploit in ldb CVE-2015-5330 (bso#11599)
+ Move ldb_(un)pack_data into ldb_module.h for testing
+ Fix installation of _ldb_text.py
+ Fix propagation of ldb errors through tdb
+ Fix bug triggered by having an empty message in database during search
+ Test improvements
+ Improved python bindings
+ Validate_ldb of string(generalized-time) does not accept millisecond format '.000Z' (bso#9810)
+ Fix logic in ldb_val_to_time()
+ Allow to register extended match rules
+ Fixes for segfaults in pyldb
+ Documentation fixes
+ Build system improvements
+ Fix a typo in the comment, ldb_flags_mod_xxx - ldb_flag_mod_xxx
+ Fix check for third_party
+ Make the successful ldb_transaction_start() message clearer
+ Ldb-samba: fix a memory leak in ldif_canonicalise_objectcategory()
+ Ldb-samba: move pyldb-utils dependency to python_samba__ldb
+ Build: improve detection of srcdir

Samba was updated to 4.1.22.
+ Malicious request can cause samba ldap server to hang, spinning using cpu CVE-2015-3223 (bso#11325) (boo#958581).
+ Remote read memory exploit in ldb CVE-2015-5330 (bso#11599) (boo#958586).
+ Insufficient symlink verification (file access outside the share) CVE-2015-5252 (bso#11395) (boo#958582).
+ No man in the middle protection when forcing smb encryption on the client side CVE-2015-5296 (bso#11536) (boo#958584).
+ Currently the snapshot browsing is not secure through windows previous version (shadow_copy2) CVE-2015-5299 (bso#11529) (boo#958583).
+ Fix microsoft ms15-096 to prevent machine accounts from being changed into user accounts CVE-2015-8467 (bso#11552) (boo#958585).
+ Fix remote dos in samba (ad) ldap server CVE-2015-7540 (bso#9187) (boo#958580).
+ Ensure attempt to ssh into locked account triggers 'Your account is disabled.....' to the console (boo#953382).
+ Prevent null pointer access in samlogon fallback when security credentials are null (boo#949022).

talloc was updated to 2.1.5 (boo#954658).
+ Minor build fixes
+ Point ld_library_path to the just-built libraries while calling make test.
+ Disable rpath-install and silent-rules while configure.
+ Update to 2.1.4 (boo#951660).
+ Test that talloc magic differs between processes.
+ Increment minor version due to added talloc_test_get_magic.
+ Provide tests access to talloc_magic.
+ Test magic protecti

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS: samba, on openSUSE 13.2, openSUSE 13.1

Solution: Please install the updated package(s).

CVSS Score: 6.0
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-3223
BugTraq ID: 79731
http://www.securityfocus.com/bid/79731
Debian Security Information: DSA-3433
http://www.debian.org/security/2016/dsa-3433
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
https://security.gentoo.org/glsa/201612-47
http://www.securitytracker.com/id/1034493
SuSE Security Announcement: SUSE-SU-2015:2304
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
SuSE Security Announcement: SUSE-SU-2015:2305
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
SuSE Security Announcement: openSUSE-SU-2015:2354
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
SuSE Security Announcement: openSUSE-SU-2015:2356
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
SuSE Security Announcement: openSUSE-SU-2016:1064
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
http://www.ubuntu.com/usn/USN-2856-1

Common Vulnerability Exposure (CVE) ID: CVE-2015-5252
BugTraq ID: 79733
http://www.securityfocus.com/bid/79733
SuSE Security Announcement: SUSE-SU-2016:0032
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
SuSE Security Announcement: SUSE-SU-2016:0164
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:1105
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html
SuSE Security Announcement: openSUSE-SU-2016:1106
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
SuSE Security Announcement: openSUSE-SU-2016:1107
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

Common Vulnerability Exposure (CVE) ID: CVE-2015-5296
BugTraq ID: 79732
http://www.securityfocus.com/bid/79732

Common Vulnerability Exposure (CVE) ID: CVE-2015-5299
BugTraq ID: 79729
http://www.securityfocus.com/bid/79729

Common Vulnerability Exposure (CVE) ID: CVE-2015-5330
BugTraq ID: 79734
http://www.securityfocus.com/bid/79734

Common Vulnerability Exposure (CVE) ID: CVE-2015-7540
BugTraq ID: 79736
http://www.securityfocus.com/bid/79736
http://www.securitytracker.com/id/1034492

Common Vulnerability Exposure (CVE) ID: CVE-2015-8467
BugTraq ID: 79735
http://www.securityfocus.com/bid/79735 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |