Security update for samba SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0375-1 Final 1 1 2015-02-23T16:37:39Z current 2015-02-23T16:37:39Z 2015-02-23T16:37:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for samba samba was updated to fix two security issues. These security issues were fixed: - CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized pointer (bnc#917376). - CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allowed remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (bnc#914279). Several non-security issues were fixed, please refer to the changes file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html E-Mail link for openSUSE-SU-2015:0375-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libdcerpc-atsvc-devel-4.1.17-3.30.1 libdcerpc-atsvc0-4.1.17-3.30.1 libdcerpc-atsvc0-32bit-4.1.17-3.30.1 libdcerpc-binding0-4.1.17-3.30.1 libdcerpc-binding0-32bit-4.1.17-3.30.1 libdcerpc-devel-4.1.17-3.30.1 libdcerpc-samr-devel-4.1.17-3.30.1 libdcerpc-samr0-4.1.17-3.30.1 libdcerpc-samr0-32bit-4.1.17-3.30.1 libdcerpc0-4.1.17-3.30.1 libdcerpc0-32bit-4.1.17-3.30.1 libgensec-devel-4.1.17-3.30.1 libgensec0-4.1.17-3.30.1 libgensec0-32bit-4.1.17-3.30.1 libndr-devel-4.1.17-3.30.1 libndr-krb5pac-devel-4.1.17-3.30.1 libndr-krb5pac0-4.1.17-3.30.1 libndr-krb5pac0-32bit-4.1.17-3.30.1 libndr-nbt-devel-4.1.17-3.30.1 libndr-nbt0-4.1.17-3.30.1 libndr-nbt0-32bit-4.1.17-3.30.1 libndr-standard-devel-4.1.17-3.30.1 libndr-standard0-4.1.17-3.30.1 libndr-standard0-32bit-4.1.17-3.30.1 libndr0-4.1.17-3.30.1 libndr0-32bit-4.1.17-3.30.1 libnetapi-devel-4.1.17-3.30.1 libnetapi0-4.1.17-3.30.1 libnetapi0-32bit-4.1.17-3.30.1 libpdb-devel-4.1.17-3.30.1 libpdb0-4.1.17-3.30.1 libpdb0-32bit-4.1.17-3.30.1 libregistry-devel-4.1.17-3.30.1 libregistry0-4.1.17-3.30.1 libregistry0-32bit-4.1.17-3.30.1 libsamba-credentials-devel-4.1.17-3.30.1 libsamba-credentials0-4.1.17-3.30.1 libsamba-credentials0-32bit-4.1.17-3.30.1 libsamba-hostconfig-devel-4.1.17-3.30.1 libsamba-hostconfig0-4.1.17-3.30.1 libsamba-hostconfig0-32bit-4.1.17-3.30.1 libsamba-policy-devel-4.1.17-3.30.1 libsamba-policy0-4.1.17-3.30.1 libsamba-policy0-32bit-4.1.17-3.30.1 libsamba-util-devel-4.1.17-3.30.1 libsamba-util0-4.1.17-3.30.1 libsamba-util0-32bit-4.1.17-3.30.1 libsamdb-devel-4.1.17-3.30.1 libsamdb0-4.1.17-3.30.1 libsamdb0-32bit-4.1.17-3.30.1 libsmbclient-devel-4.1.17-3.30.1 libsmbclient-raw-devel-4.1.17-3.30.1 libsmbclient-raw0-4.1.17-3.30.1 libsmbclient-raw0-32bit-4.1.17-3.30.1 libsmbclient0-4.1.17-3.30.1 libsmbclient0-32bit-4.1.17-3.30.1 libsmbconf-devel-4.1.17-3.30.1 libsmbconf0-4.1.17-3.30.1 libsmbconf0-32bit-4.1.17-3.30.1 libsmbldap-devel-4.1.17-3.30.1 libsmbldap0-4.1.17-3.30.1 libsmbldap0-32bit-4.1.17-3.30.1 libsmbsharemodes-devel-4.1.17-3.30.1 libsmbsharemodes0-4.1.17-3.30.1 libtevent-util-devel-4.1.17-3.30.1 libtevent-util0-4.1.17-3.30.1 libtevent-util0-32bit-4.1.17-3.30.1 libwbclient-devel-4.1.17-3.30.1 libwbclient0-4.1.17-3.30.1 libwbclient0-32bit-4.1.17-3.30.1 samba-4.1.17-3.30.1 samba-32bit-4.1.17-3.30.1 samba-client-4.1.17-3.30.1 samba-client-32bit-4.1.17-3.30.1 samba-core-devel-4.1.17-3.30.1 samba-doc-4.1.17-3.30.1 samba-libs-4.1.17-3.30.1 samba-libs-32bit-4.1.17-3.30.1 samba-pidl-4.1.17-3.30.1 samba-python-4.1.17-3.30.1 samba-test-4.1.17-3.30.1 samba-test-devel-4.1.17-3.30.1 samba-winbind-4.1.17-3.30.1 samba-winbind-32bit-4.1.17-3.30.1 Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. CVE-2014-8143 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html https://www.suse.com/security/cve/CVE-2014-8143.html CVE-2014-8143 https://bugzilla.suse.com/914279 SUSE Bug 914279 The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. CVE-2015-0240 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html https://www.suse.com/security/cve/CVE-2015-0240.html CVE-2015-0240 https://bugzilla.suse.com/917376 SUSE Bug 917376