Security update for samba
This update for samba fixes the following issues:
Security issues fixed:
- CVE-2017-14746: Use-after-free vulnerability (bsc#1060427).
- CVE-2017-15275: Server heap memory information leak (bsc#1063008).
Bug fixes:
- Update 'winbind expand groups' doc in smb.conf man page (bsc#1027593).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Samuel Cabrero (scabrero)
Fixed bugs
bnc#1027593
samba: new default "winbind expand groups = 0" results in AD users can not change group
bnc#1060427
VUL-0: EMBARGOED: CVE-2017-14746: samba: remote code execution
bnc#1063008
VUL-0: EMBARGOED: CVE-2017-15275: samba: message_push_string() can leak uninitialized heap data to a client via SMB1.
