Security update for samba
This update for samba fixes the following issues:
Security issues fixed:
- CVE-2017-14746: Use-after-free vulnerability (bsc#1060427).
- CVE-2017-15275: Server heap memory information leak (bsc#1063008).
- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file (bsc#1058624).
- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565).
- CVE-2017-12150: Some code path don't enforce smb signing when they should (bsc#1058565).
Bug fixes:
- Samba was updated to 4.6.9 (bsc#1065066) see release notes for details.
* https://www.samba.org/samba/history/samba-4.6.9.html
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
Samuel Cabrero (scabrero)
Fixed bugs
bnc#1060427
VUL-0: EMBARGOED: CVE-2017-14746: samba: remote code execution
bnc#1063008
VUL-0: EMBARGOED: CVE-2017-15275: samba: message_push_string() can leak uninitialized heap data to a client via SMB1.
bnc#1065066
Update to Samba from 4.6.8 to 4.6.9: minor bugfix release
bnc#1058624
VUL-0: CVE-2017-12163: samba: Server memory information leak over SMB1
bnc#1058622
VUL-0: CVE-2017-12150: samba: Some code path don't enforce smb signing, when they should.
bnc#1058565
VUL-0: CVE-2017-12151: samba: Keep required encryption across SMB3 dfs redirects
