You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa samba

Sigurnosni nedostaci programskog paketa samba

——————————————————————————–
Fedora Update Notification
FEDORA-2019-11dddb785b
2020-01-03 20:35:14.416785
——————————————————————————–

Name : samba
Product : Fedora 30
Version : 4.10.11
Release : 0.fc30
URL : http://www.samba.org/
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.

——————————————————————————–
Update Information:

Update to Samba 4.10.11, Security fixes for CVE-2019-14861 and CVE-2019-14870
——————————————————————————–
ChangeLog:

* Tue Dec 10 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.11-0
– Update to Samba 4.10.11
– resolves: #1778586, #1781542 – Security fixes for CVE-2019-14861
– resolves: #1778589, #1781545 – Security fixes for CVE-2019-14870
* Tue Oct 29 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.10-0
– Update to Samba 4.10.10
– resolves: #1763137, #1766558 – Security fixes for CVE-2019-10218
– resolves: #1764126, #1766559 – Security fixes for CVE-2019-14833
– resolves: #1764142, #1766847 – Security fixes for CVE-2019-14847
* Thu Oct 17 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.9-0
– Update to Samba 4.10.9
* Tue Sep 3 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.8-0
– Update to Samba 4.10.8
– resolves: #1746225, #1748308 – Security fixes for CVE-2019-10197
* Thu Aug 22 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.7-0
– Update to Samba 4.10.7
* Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> – 4.10.6-1
– Fix Samba bug https://bugzilla.samba.org/show_bug.cgi?id=14091
– Fixes: Windows systems cannot resolve IPA users and groups over LSA RPC
* Mon Jul 8 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.6-0
– Update to Samba 4.10.6
* Mon Jul 1 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.5-2
– resolves: #1718113 – Avoid deprecated time.clock in wafsamba
– resolves: #1711638 – Update to latest waf version 2.0.17
* Thu Jun 20 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.5-1
– resolves: #1602824 – Make vfs_fruit operable with other remote VFS modules
– resolves: #1716455 – Avoid pathconf() in get_real_filename() VFS calls
– resolves: #1706090, #1700791 – Fix smbspool
* Wed Jun 19 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.5-0
– Update to Samba 4.10.5
– resolves: #1711816, #1721872 – Security fixes for CVE-2019-12435
– resolves: #1711837, #1721873 – Security fixes for CVE-2019-12436
* Tue May 28 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.4-1
– Add missing ctdb directories
– resolves: #1656777
* Wed May 22 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.4-0
– Update to Samba 4.10.4
* Tue May 14 2019 Guenther Deschner <gdeschner@redhat.com> – 4.10.3-0
– Update to Samba 4.10.3
– resolves: #1705877, #1709679 – Security fixes for CVE-2018-16860
* Sun Apr 28 2019 Alexander Bokovoy <abokovoy@redhat.com> – 4.10.2-1.1
– Rebuild against krb5 1.17-14
* Mon Apr 15 2019 Andreas Schneider <asn@redhat.com> – 4.10.2-1
– resolves: #1699230 – Rebuild for MIT Kerberos soname bump of libkadm5srv
——————————————————————————–
References:

[ 1 ] Bug #1778586 – CVE-2019-14861 samba: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name
https://bugzilla.redhat.com/show_bug.cgi?id=1778586
[ 2 ] Bug #1778589 – CVE-2019-14870 samba: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC
https://bugzilla.redhat.com/show_bug.cgi?id=1778589
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-11dddb785b’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libssh

Otkriven je sigurnosni nedostatak programske biblioteke libssh za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnih naredbi. Savjetuje...

Close