ELSA-2018-1860

ELSA-2018-1860 - samba security and bug fix update

Type: SECURITY
Severity: LOW
Release Date: 2018-06-25

Description


[3.6.23-51.0.1]
- Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258]

[3.6.24-51]
- resolves: #1513877 - Fix memory leak in winbind

[3.6.24-50]
- resolves: #1553018 - Fix CVE-2018-1050

[3.6.24-49]
- resolves: #1536053 - Fix regression with non-wide symlinks to directories

[3.6.24-48]
- resolves: #1519884 - Fix segfault in winbind when querying groups

[3.6.24-47]
- resolves: #1413484 - Fix guest login with signing required

[3.6.24-46]
- resolves: #1509455 - Fix regression of CVE-2017-2619

[3.6.24-45]
- resolves: #1491211 - CVE-2017-2619 CVE-2017-12150 CVE-2017-12163

[3.6.24-44]
- resolves: #1451105 - Fix trusted domain handling in winbind
- resolves: #1431000 - Fix crash while trying to authenticate with a disabled
account
- resolves: #1467395 - Add 'winbind request timeout' option

[3.6.23-43]
- resolves: #1450783 - Fix CVE-2017-7494

[3.6.23-42]
- resolves: #1391256 - Performance issues with vfs_dirsort and extended
attributes

[3.6.23-41]
- resolves: #1413672 - Auth regression after secret changed

[3.6.23-40]
- resolves: #1405356 - CVE-2016-2125 CVE-2016-2126

[3.6.23-39]
- resolves: #1297805 - Fix issues with printer unpublishing from AD

[3.6.23-38]
- resolves: #1347843 - Fix RPC queryUserList returning NO_MEMORY for
empty list

[3.6.23-37]
- resolves: #1380151 - Fix memory leak in idmap_ad module
- resolves: #1333561 - Fix smbclient connection issues to DFS shares
- resolves: #1372611 - Allow ntlmssp session key setup without signing
(Workaround for broken NetApp and EMC NAS)

[3.6.23-35]
- resolves: #1282289 - Fix winbind memory leak with each cached creds login

[3.6.23-34]
- resolves: #1327697 - Fix netlogon credential checks
- resolves: #1327746 - Fix dcerpc trailer verification

[3.6.23-33]
- related: #1322687 - Update CVE patchset

[3.6.23-32]
- related: #1322687 - Update manpages

[3.6.23-31]
- related: #1322687 - Update CVE patchset

[3.6.23-30]
- related: #1322687 - Update CVE patchset

[3.6.23-29]
- resolves: #1322687 - Fix CVE-2015-5370
- resolves: #1322687 - Fix CVE-2016-2110
- resolves: #1322687 - Fix CVE-2016-2111
- resolves: #1322687 - Fix CVE-2016-2112
- resolves: #1322687 - Fix CVE-2016-2115
- resolves: #1322687 - Fix CVE-2016-2118 (Known as Badlock)

[3.6.23-28]
- resolves: #1305870 - Fix symlink verification

[3.6.23-27]
- resolves: #1314671 - Fix CVE-2015-7560

[3.6.23-26]
- resolves: #1211744 - Fix DFS client access with Windows Server 2008

[3.6.23-25]
- resolves: #1242614 - Fix unmappable S-1-18-1 sid truncates group lookups

[3.6.23-24]
- resolves: #1271763 - Fix segfault in NTLMv2_generate_names_blob()
- resolves: #1261265 - Add '--no-dns-updates' option for 'net ads join'

[3.6.23-23]
- resolves: #1290707 - CVE-2015-5299
- related: #1290707 - CVE-2015-5296
- related: #1290707 - CVE-2015-5252
- related: #1290707 - CVE-2015-5330

[3.6.23-22]
- resolves: #1232021 - Do not overwrite smb.conf manpage
- resolves: #1216060 - Document netbios name length limitations
- resolves: #1234249 - Fix 'map to guest = Bad Uid' option
- resolves: #1219570 - Fix 'security = server' (obsolete) share access
- resolves: #1211657 - Fix stale cache entries if a printer gets renamed

[3.6.23-21]
- resolves: #1252180 - Fix 'force group' with 'winbind use default domain'.
- resolves: #1250100 - Fix segfault in pam_winbind if option parsing fails
- resolves: #1222985 - Fix segfault with 'mangling method = hash' option

[3.6.23-20]
- resolves: #1164269 - Fix rpcclient timeout command.

[3.6.23-19]
- resolves: #1201611 - Fix 'force user' with 'winbind use default domain'.

[3.6.23-18]
- resolves: #1194549 - Fix winbind caching issue and support SID compression.

[3.6.23-17]
- resolves: #1192211 - Fix restoring shadow copy snapshot with SMB2.

[3.6.23-16]
- resolves: #1117059 - Fix nss group enumeration with unresolved groups.

[3.6.23-15]
- resolves: #1165750 - Fix guid retrieval for published printers.
- resolves: #1163383 - Fix 'net ads join -k' with existing keytab entries.
- resolves: #1195456 - Fix starting daemons on read only filesystems.
- resolves: #1138552 - Fix CPU utilization when re-reading the printcap info.
- resolves: #1144916 - Fix smbclient NTLMv2 authentication.
- resolves: #1164336 - Document 'sharesec' command for
'access based share enum' option.

[3.6.23-14]
- related: #1191339 - Update patchset for CVE-2015-0240.

[3.6.23-13]
- resolves: #1191339 - CVE-2015-0240: RCE in netlogon.

[3.6.23-12]
- resolves: #1127723 - Fix samlogon secure channel recovery.

[3.6.23-11]
- resolves: #1129006 - Add config variables to set spoolss os version.

[3.6.23-10]
- resolves: #1124835 - Fix dropbox share.

[3.6.23-9]
- related: #1053886 - Fix receiving the gecos field with winbind.

[3.6.23-8]
- resolves: #1110733 - Fix write operations as guest with 'security = share'.
- resolves: #1053886 - Fix receiving the gecos field with winbind.

[3.6.23-7]
- resolves: #1107777 - Fix SMB2 with 'case sensitive = True'

[3.6.23-6]
- resolves: #1105500 - CVE-2014-0244: DoS in nmbd.
- resolves: #1108841 - CVE-2014-3493: DoS in smbd with unicode path names.

[3.6.23-5]
- related: #1061301 - Only link glusterfs libraries to vfs module.

[3.6.23-4]
- resolves: #1051656 - Fix gecos field copy debug warning.
- resolves: #1061301 - Add glusterfs vfs module.
- resolves: #1087472 - Fix libsmbclient crash when HOME variable isn't set.
- resolves: #1099443 - 'net ads testjoin' fails with IPv6.
- resolves: #1100670 - Fix 'force user' with 'security = ads'.
- resolves: #1096522 - Fix enabling SMB2 causes file operations to fail.

[3.6.23-3]
- resolves: #1081539 - Add timeout option to smbclient.

[3.6.23-2]
- resolves: #1022534 - Do not build Samba with fam support.
- resolves: #1059301 - Fix nbt query with many components.
- resolves: #1057332 - Fix force user with guest account.
- resolves: #1021706 - Fix %G substitution in 'template homedir'.
- resolves: #1040472 - Fix group expansion in service path.
- resolves: #1069570 - Fix memory leak reading printer list.
- resolves: #1067607 - Fix wbinfo -i with one-way trusts.
- resolves: #1050887 - Fix 100% CPU utilization in winbindd when trying to
free memory in winbindd_reinit_after_fork.
- resolves: #1029000 - Fix 'force user' with 'security = ads'.

[3.6.23-1]
- resolves: #1073356 - Fix CVE-2013-4496, CVE-2012-6150 and CVE-2013-6442.
- resolves: #1018038 - Fix CVE-2013-4408.

[3.6.22-1]
- resolves: #1003921 - Rebase Samba to 3.6.22.
- resolves: #1035332 - Fix force user with 'security = user'.


Related CVEs


CVE-2018-1050

Updated Packages


Release/Architecture    Filename    MD5sum    Superseded By Advisory

Oracle Linux 6 (i386)
    samba-3.6.23-51.0.1.el6.src.rpm    981941192aab9ae6082e99ac3dbdebe6    -
    libsmbclient-3.6.23-51.0.1.el6.i686.rpm    f93dceadf0b112720a55e85c92e6732d    -
    libsmbclient-devel-3.6.23-51.0.1.el6.i686.rpm    4a0619586b0fdee87bc0c52c10e9094c    -
    samba-3.6.23-51.0.1.el6.i686.rpm    44fb4b61b41ec4b0f3907abdefa3d384    -
    samba-client-3.6.23-51.0.1.el6.i686.rpm    56646edaaad62d8f4a1bcf870ae16261    -
    samba-common-3.6.23-51.0.1.el6.i686.rpm    b45c6b6ae41d7eebd07cbf2c28bce07a    -
    samba-doc-3.6.23-51.0.1.el6.i686.rpm    2cc8c74f5957ed77936d255210314682    -
    samba-domainjoin-gui-3.6.23-51.0.1.el6.i686.rpm    431ef6b53a712ca7b02e1f5249d5d859    -
    samba-swat-3.6.23-51.0.1.el6.i686.rpm    e1212b92f621cf771006571f052386a2    -
    samba-winbind-3.6.23-51.0.1.el6.i686.rpm    2cd09ebcea312ce9eafbfc81e14af6e9    -
    samba-winbind-clients-3.6.23-51.0.1.el6.i686.rpm    474450a0380bbaade1ee68d67cd03198    -
    samba-winbind-devel-3.6.23-51.0.1.el6.i686.rpm    0ffceab6fd129dc7239b7e96f4a29b7d    -
    samba-winbind-krb5-locator-3.6.23-51.0.1.el6.i686.rpm    a08d81080aff635635f0049efc871b9b    -

Oracle Linux 6 (x86_64)
    samba-3.6.23-51.0.1.el6.src.rpm    981941192aab9ae6082e99ac3dbdebe6    -
    libsmbclient-3.6.23-51.0.1.el6.i686.rpm    f93dceadf0b112720a55e85c92e6732d    -
    libsmbclient-3.6.23-51.0.1.el6.x86_64.rpm    d333de5a50977ef50656036ad571566e    -
    libsmbclient-devel-3.6.23-51.0.1.el6.i686.rpm    4a0619586b0fdee87bc0c52c10e9094c    -
    libsmbclient-devel-3.6.23-51.0.1.el6.x86_64.rpm    0c75b8e890d50adc777e89d15094035d    -
    samba-3.6.23-51.0.1.el6.x86_64.rpm    8a6514380cbbe70a35cfce5e6c0f14ed    -
    samba-client-3.6.23-51.0.1.el6.x86_64.rpm    50a81048b4b9c95f20858efe39d41c64    -
    samba-common-3.6.23-51.0.1.el6.i686.rpm    b45c6b6ae41d7eebd07cbf2c28bce07a    -
    samba-common-3.6.23-51.0.1.el6.x86_64.rpm    5b58bff9df8248a672f1231f33dbfbdd    -
    samba-doc-3.6.23-51.0.1.el6.x86_64.rpm    8c939558e11a23157d691ec7fe9199c0    -
    samba-domainjoin-gui-3.6.23-51.0.1.el6.x86_64.rpm    cf43d1b4ed54964080320401fa10c346    -
    samba-glusterfs-3.6.23-51.0.1.el6.x86_64.rpm    28f564214c68984a1ab2644b1f96c098    -
    samba-swat-3.6.23-51.0.1.el6.x86_64.rpm    5e7aee969a78b812f6e21c7caeaccfee    -
    samba-winbind-3.6.23-51.0.1.el6.x86_64.rpm    f27d092525d19f25b4af4e1bdf0c4501    -
    samba-winbind-clients-3.6.23-51.0.1.el6.i686.rpm    474450a0380bbaade1ee68d67cd03198    -
    samba-winbind-clients-3.6.23-51.0.1.el6.x86_64.rpm    6ebf155e6c078d5805a4e3201152e4eb    -
    samba-winbind-devel-3.6.23-51.0.1.el6.i686.rpm    0ffceab6fd129dc7239b7e96f4a29b7d    -
    samba-winbind-devel-3.6.23-51.0.1.el6.x86_64.rpm    b8741d0bc4d4b52c6aa8f70cd41b245a    -
    samba-winbind-krb5-locator-3.6.23-51.0.1.el6.x86_64.rpm    c1e2256bf2203b9f1053b9debb3cd35c    -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.