File _patchinfo of Package patchinfo.6815

<patchinfo incident="6815">
  <issue id="1027593" tracker="bnc">samba: new default "winbind expand groups = 0" results in AD users can not change group</issue>
  <issue id="1060427" tracker="bnc">VUL-0: CVE-2017-14746: samba: remote code execution</issue>
  <issue id="1081741" tracker="bnc">VUL-0: EMBARGOED: CVE-2018-1050: samba: Codenomicon crashes in spoolss server code.</issue>
  <issue id="1063008" tracker="bnc">VUL-0: CVE-2017-15275: samba: message_push_string() can leak uninitialized heap data to a client via SMB1.</issue>
  <issue id="1103411" tracker="bnc">VUL-0: EMBARGOED: CVE-2018-10858: samba: Insufficient input validation on client directory listing in libsmbclient</issue>
  <issue id="2017-15275" tracker="cve" />
  <issue id="2018-1050" tracker="cve" />
  <issue id="2017-14746" tracker="cve" />
  <issue id="2018-10858" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>jmcdough</packager>
  <description>This update for samba fixes the following issues:

Security issues fixed:

- CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741).
- CVE-2017-14746: Fixed use-after-free vulnerability (bsc#1060427).
- CVE-2017-15275: Fixed server heap memory information leak (bsc#1063008).
- CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411)

Bug fixes:

- bsc#1027593: Update 'winbind expand groups' doc in smb.conf man page. 
</description>
  <summary>Security update for samba</summary>
</patchinfo>
Places

File _patchinfo of Package patchinfo.6815

Places
