File _patchinfo of Package patchinfo.3560

<patchinfo incident="3560">
  <issue id="914279" tracker="bnc">VUL-0: CVE-2014-8143 samba: Privileges elevation to Active Directory Domain Controller</issue>
  <issue id="917376" tracker="bnc">VUL-0: CVE-2015-0240: samba/talloc: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability.</issue>
  <issue id="CVE-2015-0240" tracker="cve" />
  <issue id="CVE-2014-8143" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>lmuelle</packager>
  <description>samba was updated to fix two security issues.

These security issues were fixed:
- CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized pointer (bnc#917376).
- CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allowed remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (bnc#914279).

Several non-security issues were fixed; please refer to the changes file.
</description>
  <summary>Security update for samba</summary>
</patchinfo>