File _patchinfo of Package patchinfo.6032

<patchinfo incident="6032">
  <issue id="1027593" tracker="bnc">samba: new default "winbind expand groups = 0" results in AD users can not change group</issue>
  <issue id="1060427" tracker="bnc">VUL-0: EMBARGOED: CVE-2017-14746: samba: remote code execution</issue>
  <issue id="1063008" tracker="bnc">VUL-0: EMBARGOED: CVE-2017-15275: samba: message_push_string() can leak uninitialized heap data to a client via SMB1.</issue>
  <issue id="2017-15275" tracker="cve" />
  <issue id="2017-14746" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>scabrero</packager>
  <description>This update for samba fixes the following issues:

Security issues fixed:

- CVE-2017-14746: Use-after-free vulnerability (bsc#1060427).
- CVE-2017-15275: Server heap memory information leak (bsc#1063008).

Bug fixes:

- Update 'winbind expand groups' doc in smb.conf man page (bsc#1027593).
</description>
  <summary>Security update for samba</summary>
</patchinfo>
Places

File _patchinfo of Package patchinfo.6032

Places
