You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa samba

Sigurnosni nedostaci programskog paketa samba

——————————————————————————–
Fedora Update Notification
FEDORA-2019-57d43f3b58
2019-11-14 01:11:58.739660
——————————————————————————–

Name : samba
Product : Fedora 31
Version : 4.11.2
Release : 1.fc31
URL : http://www.samba.org/
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.

——————————————————————————–
Update Information:

Update code to deal with removal of DES support in MIT Kerberos. —- Update
to Samba 4.11.2 – Security fixes for CVE-2019-10218, CVE-2019-14833 —- Since
MIT Kerberos deprecated use of DES encryption type, restore Samba AD domain
controller functionality by not using DES encryption keys. Only AES and RC4 keys
would work.
——————————————————————————–
ChangeLog:

* Wed Nov 6 2019 Alexander Bokovoy <abokovoy@redhat.com> – 4.11.2-1
– Update DES removal patch
* Tue Oct 29 2019 Guenther Deschner <gdeschner@redhat.com> – 4.11.2-0
– Update to Samba 4.11.2
– resolves: #1763137, #1766558 – Security fixes for CVE-2019-10218
– resolves: #1764126, #1766559 – Security fixes for CVE-2019-14833
* Sun Oct 27 2019 Alexander Bokovoy <abokovoy@redhat.com> – 4.11.1-1
– resolves: #1757071 – Deploy new samba DC fails
* Fri Oct 18 2019 Guenther Deschner <gdeschner@redhat.com> – 4.11.1-0
– Update to Samba 4.11.1
——————————————————————————–
References:

[ 1 ] Bug #1763137 – CVE-2019-10218 samba: smb client vulnerable to filenames containing path separators
https://bugzilla.redhat.com/show_bug.cgi?id=1763137
[ 2 ] Bug #1764126 – CVE-2019-14833 samba: AD DC check password script does not receive full password when non-ASCII characters are used
https://bugzilla.redhat.com/show_bug.cgi?id=1764126
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-57d43f3b58’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje stjecanje uvećanih ovlasti. Savjetuje se ažuriranje izdanim...

Close