Security update for samba and resource-agents
This update provides Samba 4.6.7, which fixes the following issues:
- CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext (the Ticket)
rather than the authenticated and encrypted KDC response. (bsc#1048278)
- Fix cephwrap_chdir(). (bsc#1048790)
- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb. (bsc#1048339)
- Fix inconsistent ctdb socket path. (bsc#1048352)
- Fix non-admin cephx authentication. (bsc#1048387)
- CTDB cannot start when there is no persistent database. (bsc#1052577)
The CTDB resource agent was also fixed to not fail when the database is empty.
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
David Disseldorp (dmdiss)
Fixed bugs
bnc#1054017
Samba upstream bugfix update to samba-4.6.7
bnc#1048352
inconsistent ctdb socket path usage
bnc#1048278
VUL-0: CVE-2017-11103: samba: Orpheus' Lyre KDC-REP service name Orpheus' Lyre KDC-REP service name validation (mutual auth bypass) in embedded Heimdalvalidation (mutual auth bypass) in embedded Heimdal
bnc#1048790
inconsistent directory listings via samba gateway
bnc#1048339
ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb
bnc#1048387
Samba cephx auth fails when using a non-admin keyring
bnc#1052577
CTDB cannot start when there is no persistent database, fails with "Persistent database is corrupted"
