Overview

File _patchinfo of Package patchinfo.9555

<patchinfo incident="9555">
  <issue tracker="bnc" id="1101499">system stops booting when /var/log/samba does not exist</issue>
  <issue tracker="bnc" id="1068059">winbindd: do not modify credentials in NTLM passthrough (13126)</issue>
  <issue tracker="bnc" id="1102230">deadlock with ctdb_mutex_ceph_rados_helper</issue>
  <issue tracker="bnc" id="1116319">VUL-0: EMBARGOED: CVE-2018-14629: samba: CNAME loops in Samba AD DC DNS server</issue>
  <issue tracker="bnc" id="1116322">VUL-0: EMBARGOED: CVE-2018-16851: samba: NULL pointer de-reference in Samba AD DC LDAP server</issue>
  <issue tracker="bnc" id="1087931">winbind -&gt; idmap_rid: default group always set to "Domain Users" not evaluating PrimaryGroupID ldap attribute</issue>
  <issue tracker="bnc" id="1116320">VUL-0: EMBARGOED: CVE-2018-16841: samba: KDC Crash with PKINIT</issue>
  <issue tracker="bnc" id="1087303">L3-Question: winbind: windows domain with one way trust not working</issue>
  <issue tracker="bnc" id="1116324">VUL-0: EMBARGOED: CVE-2018-16853: samba: Mark MIT support for the AD DC experimental (related to CVE-2018-16853)</issue>
  <issue tracker="cve" id="2018-14629"/>
  <issue tracker="cve" id="2018-16841"/>
  <issue tracker="cve" id="2018-16851"/>
  <issue tracker="cve" id="2018-16853"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>scabrero</packager>
  <description>This update for samba fixes the following issues:

Update to samba version 4.7.11.

Security issues fixed:

- CVE-2018-14629: Fixed CNAME loops in Samba AD DC DNS server (bsc#1116319).
- CVE-2018-16841: Fixed segfault on PKINIT when mis-matching principal (bsc#1116320).
- CVE-2018-16851: Fixed NULL pointer de-reference in Samba AD DC LDAP server (bsc#1116322).
- CVE-2018-16853: Mark MIT support for the AD DC experimental (bsc#1116324).

Non-security issues fixed:

- Fixed do not take over stderr when there is no log file (bsc#1101499).
- Fixed ctdb_mutex_ceph_rados_helper deadlock; (bsc#1102230).
- Fixed ntlm authentications with "winbind use default domain = yes"; (bsc#1068059).
- Fixed idmap_rid to have primary group other than "Domain Users"; (bsc#1087931).
- Fixed windows domain with one way trust that was not working (bsc#1087303).
</description>
  <summary>Security update for samba</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places