Security update for samba
This update for samba fixes the following issues:
The following security vulnerabilities were fixed:
- CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; (bsc#1095048)
- CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes; (bsc#1095056)
- CVE-2018-10919: Confidential attribute disclosure via substring search; (bsc#1095057)
- CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow; (bsc#1103411)
- CVE-2018-10918: Fix NULL ptr dereference in DsCrackNames on a user without a SPN; (bsc#1103414)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Aurelien Aptel (aaptel)
Fixed bugs
bnc#1095048
VUL-0: CVE-2018-1139: samba: ntlmv1 auth available although disabled
bnc#1095056
VUL-0: CVE-2018-1140: samba: ldbsearch (distinguishedName=abc) crashes
bnc#1095057
VUL-0: CVE-2018-10919: samba: Confidential attribute disclosure via substring search
bnc#1103411
VUL-0: CVE-2018-10858: samba: Insufficient input validation on client directory listing in libsmbclient
bnc#1103414
VUL-0: CVE-2018-10918: samba: Denial of Service Attack on AD DC DRSUAPI server
