Security update for samba
samba was updated to fix two security issues.
These security issues were fixed:
- CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized pointer (bnc#917376).
- CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allowed remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (bnc#914279).
Several non-security issues were fixed, please refer to the changes file.
-
Submitted by
Lars Müller (lmuelle)
Fixed bugs
bnc#914279
VUL-0: CVE-2014-8143 samba: Privileges elevation to Active Directory Domain Controller
bnc#917376
VUL-0: CVE-2015-0240: samba/talloc: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability.
