
Test ID: 1.3.6.1.4.1.25623.1.0.851148
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for samba (openSUSE-SU-2015:2356-1)
Summary: The remote host is missing an update for the 'samba' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'samba'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for ldb, samba, talloc, tdb, tevent fixes the following issues:

ldb was updated to 1.1.24.

+ Fix LDAP \00 search expression attack DoS CVE-2015-3223 (bso#11325)
+ Fix remote read memory exploit in ldb CVE-2015-5330 (bso#11599)
+ Move ldb_(un)pack_data into ldb_module.h for testing
+ Fix installation of _ldb_text.py
+ Fix propagation of ldb errors through tdb
+ Fix bug triggered by having an empty message in database during search
+ Test improvements
+ Improved python bindings
+ Validate_ldb of string(generalized-time) does not accept millisecond
format '.000Z' (bso#9810)
+ Fix logic in ldb_val_to_time()
+ Allow to register extended match rules
+ Fixes for segfaults in pyldb
+ Documentation fixes
+ Build system improvements
+ Fix a typo in the comment, ldb_flags_mod_xxx - ldb_flag_mod_xxx
+ Fix check for third_party
+ Make the successful ldb_transaction_start() message clearer
+ Ldb-samba: fix a memory leak in ldif_canonicalise_objectcategory()
+ Ldb-samba: move pyldb-utils dependency to python_samba__ldb
+ Build: improve detection of srcdir

Samba was updated to 4.1.22.
+ Malicious request can cause Samba LDAP server to hang, spinning using
CPU CVE-2015-3223 (bso#11325) (boo#958581).
+ Remote read memory exploit in ldb CVE-2015-5330 (bso#11599)
(boo#958586).
+ Insufficient symlink verification (file access outside the share)
CVE-2015-5252 (bso#11395) (boo#958582).
+ No man in the middle protection when forcing SMB encryption on the
client side CVE-2015-5296 (bso#11536) (boo#958584).
+ Currently the snapshot browsing is not secure through Windows previous
version (shadow_copy2) CVE-2015-5299 (bso#11529) (boo#958583).
+ Fix Microsoft MS15-096 to prevent machine accounts from being changed
into user accounts CVE-2015-8467 (bso#11552) (boo#958585).
+ Fix remote DoS in Samba (AD) LDAP server CVE-2015-7540 (bso#9187)
(boo#958580).
+ Ensure attempt to SSH into locked account triggers 'Your account is
disabled.....' to the console (boo#953382).
+ Prevent null pointer access in samlogon fallback when security
credentials are null (boo#949022).

talloc was updated to 2.1.5 (boo#954658).
+ Minor build fixes
+ Point LD_LIBRARY_PATH to the just-built libraries while calling make
test.
+ Disable rpath-install and silent-rules while configure.
+ Update to 2.1.4 (boo#951660).
+ Test that talloc magic differs between processes.
+ Increment minor version due to added talloc_test_get_magic.
+ Provide tests access to talloc_magic.
+ Test magic protecti .

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
samba, on openSUSE 13.2, openSUSE 13.1

Solution:
Please install the updated package(s).

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-3223
BugTraq ID: 79731
http://www.securityfocus.com/bid/79731
Debian Security Information: DSA-3433
http://www.debian.org/security/2016/dsa-3433
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
https://security.gentoo.org/glsa/201612-47
http://www.securitytracker.com/id/1034493
SuSE Security Announcement: SUSE-SU-2015:2304
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
SuSE Security Announcement: SUSE-SU-2015:2305
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
SuSE Security Announcement: openSUSE-SU-2015:2354
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
SuSE Security Announcement: openSUSE-SU-2015:2356
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
SuSE Security Announcement: openSUSE-SU-2016:1064
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
http://www.ubuntu.com/usn/USN-2856-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5252
BugTraq ID: 79733
http://www.securityfocus.com/bid/79733
SuSE Security Announcement: SUSE-SU-2016:0032
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
SuSE Security Announcement: SUSE-SU-2016:0164
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:1105
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html
SuSE Security Announcement: openSUSE-SU-2016:1106
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
SuSE Security Announcement: openSUSE-SU-2016:1107
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5296
BugTraq ID: 79732
http://www.securityfocus.com/bid/79732
Common Vulnerability Exposure (CVE) ID: CVE-2015-5299
BugTraq ID: 79729
http://www.securityfocus.com/bid/79729
Common Vulnerability Exposure (CVE) ID: CVE-2015-5330
BugTraq ID: 79734
http://www.securityfocus.com/bid/79734
Common Vulnerability Exposure (CVE) ID: CVE-2015-7540
BugTraq ID: 79736
http://www.securityfocus.com/bid/79736
http://www.securitytracker.com/id/1034492
Common Vulnerability Exposure (CVE) ID: CVE-2015-8467
BugTraq ID: 79735
http://www.securityfocus.com/bid/79735
Copyright: Copyright (C) 2015 Greenbone Networks GmbH
