Download
| Alert*
|
oval:org.secpod.oval:def:89044303
This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold . - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids . - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs . - Avoid free"ing our own pointer in memc ... oval:org.secpod.oval:def:89044246 This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids . - Avoid free"ing our own pointer in memcache when memcache_trim attempts to reduce cache size . - Adjust smbcacls "--propagate-inheritance" feature to align with upstream . oval:org.secpod.oval:def:89044265 libsamdb-devel is installed oval:org.secpod.oval:def:89050245 This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; ; oval:org.secpod.oval:def:89050464 This update for samba fixes the following issues: Security issue fixed: - CVE-2020-10704: Fixed a stack overflow in the AD DC LDAP server . Non-security issues fixed: - Fixed spnego fallback from kerberos to ntlmssp in smbd server . - Fixed warning messages for non root users using smbclient . oval:org.secpod.oval:def:89050481 This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing . - CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not working . - CVE-2 ... oval:org.secpod.oval:def:89050483 This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU . - CVE-2020-14303: Fixed an endless loop when receiving at AD DC empty UDP packets . - CVE-2020-10730: Fi ... oval:org.secpod.oval:def:89050714 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share . ldb was updated to version 1.2.4 : - Out of bound read in ldb_wildcard_compare - Hold at ... oval:org.secpod.oval:def:89050749 This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync . - CVE-2019-10218: Client code can return filenames containing path separators . - CVE-2019-14833: Fixed Accent with "check script pa ... oval:org.secpod.oval:def:89050845 This update for samba fixes the following issues: Security issues fixed: - CVE-2019-12435: zone operations can crash rpc server; ; . Other issues fixed: - Fix cephwrap_flistxattr debug message; ; . - Add ceph_snapshots VFS module; . - Fix vfs_ceph realpath; ; . - MacOS credit accounting breaks with ... oval:org.secpod.oval:def:89050924 This update for provides the following fixes: Following security issues were fixed: - CVE-2019-14847: User with "get changes" permission could have crashed AD DC LDAP server via dirsync . - CVE-2019-10218: Client code could have returned filenames containing path separators . - CVE-2019-14833: Accen ... oval:org.secpod.oval:def:89048181 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user"s password . - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel . - CVE- ... oval:org.secpod.oval:def:89049721 This update for samba fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn"t allow it; - CVE-2018-1140: ldbsearch "" and DNS query with escapes crashes; - CVE-2018-10919: Confidential attribute disclosure via substrin ... oval:org.secpod.oval:def:89049656 This update for samba fixes the following issues: Update to samba version 4.7.11. Security issues fixed: - CVE-2018-14629: Fixed CNAME loops in Samba AD DC DNS server . - CVE-2018-16841: Fixed segfault on PKINIT when mis-matching principal . - CVE-2018-16851: Fixed NULL pointer de-reference in Samba ... oval:org.secpod.oval:def:89047260 This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold . - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids . - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs . - Spec file fixes around systemd and req ... oval:org.secpod.oval:def:89048537 This update for samba fixes the following issues: * CVE-2023-0922: Fixed Samba AD DC admin tool samba-tool sending passwords in cleartext . oval:org.secpod.oval:def:89045773 This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos . - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members . oval:org.secpod.oval:def:89047239 This update for samba fixes the following issues: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when "allow trusted domains" is off; ; oval:org.secpod.oval:def:89047256 This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue administrator tickets to other servers . - CVE-2021-3738: Fixed crash in dsdb stack . - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos . - CVE-2020-2571 ... oval:org.secpod.oval:def:89045772 This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos . - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members . oval:org.secpod.oval:def:89048684 This update for samba fixes the following issues: * CVE-2023-0922: Fixed Samba AD DC admin tool samba-tool sending passwords in cleartext . oval:org.secpod.oval:def:89049162 This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send . Bugfixes: * Fixed trust relationship failure . oval:org.secpod.oval:def:89049288 This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send . Bugfixes: * Fixed trust relationship failure oval:org.secpod.oval:def:89050252 This update for samba fixes the following issues: Update to samba 4.11.14 - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records . - CVE-2020-14323: Unprivileged user can crash winbind . - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify . - l ... oval:org.secpod.oval:def:89050381 This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records . - CVE-2020-14323: Unprivileged user can crash winbind . - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify . oval:org.secpod.oval:def:89050374 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol . - Update to samba 4.11 ... oval:org.secpod.oval:def:89050503 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol . oval:org.secpod.oval:def:89050691 This update for samba fixes the following issues: - CVE-2019-14861: Fixed a DNSServer RPC server crash, that allowed an authenticated user to crash the DCE/RPC DNS management server by creating records with matching the zone name . - CVE-2019-14870: Fixed a DelegationNotAllowed not being enforced . oval:org.secpod.oval:def:89050616 This update for samba fixes the following issues: - CVE-2019-14861: Fixed a DNSServer RPC server crash, that allowed an authenticated user to crash the DCE/RPC DNS management server by creating records with matching the zone name . - CVE-2019-14870: Fixed a DelegationNotAllowed not being enforced . |
