Security Advisory Details

NS-SA-2019-0128

2019-07-17 15:03:11

Summary

important: openslp/samba4 security update

Severity

important

Topic

An update for openslp/samba4 is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

openslp: Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. OpenSLP is an open source implementation of the SLPv2 protocol as defined by RFC 2608 and RFC 2614.
samba4: Samba is the standard Windows interoperability suite of programs for Linux and Unix.


Security Fix(es):
openslp: A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution. (CVE-2017-17833)
openslp: bugfix
samba4: A null pointer dereference flaw was found in the Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. (CVE-2018-1050)
samba4: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 4.05.F12.

Affected Components

  • openslp
  • samba4

Affected Products

  • CGSL MAIN 4.05

Updated Packages

CGSL MAIN 4.05

Source: openslp-2.0.0-3.el6.src.rpm

  • openslp-2.0.0-3.el6.x86_64.rpm
  • openslp-debuginfo-2.0.0-3.el6.x86_64.rpm
  • openslp-devel-2.0.0-3.el6.x86_64.rpm
  • openslp-server-2.0.0-3.el6.x86_64.rpm

Source: samba4-4.2.10-15.el6.src.rpm

  • samba4-4.2.10-15.el6.x86_64.rpm
  • samba4-client-4.2.10-15.el6.x86_64.rpm
  • samba4-common-4.2.10-15.el6.x86_64.rpm
  • samba4-dc-4.2.10-15.el6.x86_64.rpm
  • samba4-dc-libs-4.2.10-15.el6.x86_64.rpm
  • samba4-debuginfo-4.2.10-15.el6.x86_64.rpm
  • samba4-devel-4.2.10-15.el6.x86_64.rpm
  • samba4-libs-4.2.10-15.el6.x86_64.rpm
  • samba4-pidl-4.2.10-15.el6.x86_64.rpm
  • samba4-python-4.2.10-15.el6.x86_64.rpm
  • samba4-test-4.2.10-15.el6.x86_64.rpm
  • samba4-winbind-4.2.10-15.el6.x86_64.rpm
  • samba4-winbind-clients-4.2.10-15.el6.x86_64.rpm
  • samba4-winbind-krb5-locator-4.2.10-15.el6.x86_64.rpm

CVE

References