Security update for samba
This update for samba fixes the following issues:
- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).
- CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).
- CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
-
Submitted by
Samuel Cabrero (scabrero)
Fixed bugs
bnc#1177613
VUL-0: EMBARGOED: CVE-2020-14383: samba: Remote crash after adding MX records
bnc#1173902
VUL-1: EMBARGOED: CVE-2020-14318: samba: ChangeNotify does not check handle permissions
bnc#1173994
VUL-0: EMBARGOED: CVE-2020-14323: samba: Denial of service in winbindd.
