File _patchinfo of Package patchinfo.7535

<patchinfo incident="7535">
  <issue id="1060427" tracker="bnc">VUL-0: EMBARGOED: CVE-2017-14746: samba: remote code execution</issue>
  <issue id="1063008" tracker="bnc">VUL-0: EMBARGOED: CVE-2017-15275: samba: message_push_string() can leak uninitialized heap data to a client via SMB1.</issue>
  <issue id="1065066" tracker="bnc">Update to Samba from 4.6.8 to 4.6.9: minor bugfix release</issue>
  <issue id="1058624" tracker="bnc" >VUL-0: CVE-2017-12163: samba: Server memory information leak over SMB1</issue>
  <issue id="1058622" tracker="bnc" >VUL-0: CVE-2017-12150: samba: Some code path don't enforce smb signing, when they should.</issue>
  <issue id="1058565" tracker="bnc" >VUL-0: CVE-2017-12151: samba: Keep required encryption across SMB3 dfs redirects</issue>
  <issue id="2017-12163" tracker="cve" />
  <issue id="2017-12150" tracker="cve" />
  <issue id="2017-12151" tracker="cve" />
  <issue id="2017-15275" tracker="cve" />
  <issue id="2017-14746" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>scabrero</packager>
  <description>This update for samba fixes the following issues:

Security issues fixed:

- CVE-2017-14746: Use-after-free vulnerability (bsc#1060427).
- CVE-2017-15275: Server heap memory information leak (bsc#1063008).
- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file (bsc#1058624).
- CVE-2017-12151: Keep required encryption across SMB3 DFS redirects (bsc#1058565).
- CVE-2017-12150: Some code paths don't enforce SMB signing when they should (bsc#1058565).

Bug fixes:
- Samba was updated to 4.6.9 (bsc#1065066); see the release notes for details:
  * https://www.samba.org/samba/history/samba-4.6.9.html

This update was imported from the SUSE:SLE-12-SP3:Update update project.</description>
  <summary>Security update for samba</summary>
</patchinfo>