An update for samba/openldap is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Detailed description
samba: samba-test-libs provides libraries required by the testing tools.
openldap: The openldap-devel package includes the development libraries and header files needed for compiling applications that use LDAP (Lightweight Directory Access Protocol) internals. LDAP is a set of protocols for enabling directory services over the Internet. Install this package only if you plan to develop or will need to compile customized LDAP clients.
Security Fix(es):
samba: A flaw was found in samba. When log levels are set at 3 or higher, the string obtained from the client after a failed character conversion is printed, which could cause long-lived processes to terminate. The highest threat from this vulnerability is to system availability. (CVE-2019-14907)
samba: A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-1472)
samba: A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-14323)
samba: A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality.(CVE-2020-14318)
samba: bugfix
openldap: In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).(CVE-2020-12243)
openldap: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F29B5.
Affected components
Affected products
- CGSL MAIN 5.04
- CGSL CORE 5.04
Update packages
{
  "fix": [
    {
      "product": "CGSL MAIN 5.04",
      "pkgs": [
        {
          "binary": [
            "samba-common-tools-4.10.16-9.el7_9.x86_64.rpm",
            "libwbclient-4.10.16-9.el7_9.x86_64.rpm",
            "samba-dc-libs-4.10.16-9.el7_9.x86_64.rpm",
            "samba-pidl-4.10.16-9.el7_9.noarch.rpm",
            "samba-libs-4.10.16-9.el7_9.x86_64.rpm",
            "samba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm",
            "samba-test-4.10.16-9.el7_9.x86_64.rpm",
            "samba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm",
            "samba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm",
            "samba-test-libs-4.10.16-9.el7_9.x86_64.rpm",
            "samba-python-test-4.10.16-9.el7_9.x86_64.rpm",
            "samba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm",
            "samba-client-4.10.16-9.el7_9.x86_64.rpm",
            "samba-dc-4.10.16-9.el7_9.x86_64.rpm",
            "ctdb-tests-4.10.16-9.el7_9.x86_64.rpm",
            "samba-common-libs-4.10.16-9.el7_9.x86_64.rpm",
            "libsmbclient-4.10.16-9.el7_9.x86_64.rpm",
            "samba-4.10.16-9.el7_9.x86_64.rpm",
            "ctdb-4.10.16-9.el7_9.x86_64.rpm",
            "samba-client-libs-4.10.16-9.el7_9.x86_64.rpm",
            "libwbclient-devel-4.10.16-9.el7_9.x86_64.rpm",
            "samba-common-4.10.16-9.el7_9.noarch.rpm",
            "samba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm",
            "samba-python-4.10.16-9.el7_9.x86_64.rpm",
            "samba-devel-4.10.16-9.el7_9.x86_64.rpm",
            "libsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm",
            "samba-winbind-4.10.16-9.el7_9.x86_64.rpm"
          ],
          "source": "samba-4.10.16-9.el7_9.src.rpm"
        },
        {
          "binary": [
            "openldap-devel-2.4.44-22.el7.x86_64.rpm",
            "openldap-servers-sql-2.4.44-22.el7.x86_64.rpm",
            "openldap-debuginfo-2.4.44-22.el7.x86_64.rpm",
            "openldap-2.4.44-22.el7.x86_64.rpm",
            "openldap-servers-2.4.44-22.el7.x86_64.rpm",
            "openldap-clients-2.4.44-22.el7.x86_64.rpm"
          ],
          "source": "openldap-2.4.44-22.el7.src.rpm"
        }
      ]
    },
    {
      "product": "CGSL CORE 5.04",
      "pkgs": [
        {
          "binary": [
            "samba-common-tools-4.10.16-9.el7_9.x86_64.rpm",
            "libwbclient-4.10.16-9.el7_9.x86_64.rpm",
            "samba-dc-libs-4.10.16-9.el7_9.x86_64.rpm",
            "samba-pidl-4.10.16-9.el7_9.noarch.rpm",
            "samba-libs-4.10.16-9.el7_9.x86_64.rpm",
            "samba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm",
            "samba-test-4.10.16-9.el7_9.x86_64.rpm",
            "samba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm",
            "samba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm",
            "samba-test-libs-4.10.16-9.el7_9.x86_64.rpm",
            "samba-python-test-4.10.16-9.el7_9.x86_64.rpm",
            "samba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm",
            "samba-client-4.10.16-9.el7_9.x86_64.rpm",
            "samba-dc-4.10.16-9.el7_9.x86_64.rpm",
            "ctdb-tests-4.10.16-9.el7_9.x86_64.rpm",
            "samba-common-libs-4.10.16-9.el7_9.x86_64.rpm",
            "libsmbclient-4.10.16-9.el7_9.x86_64.rpm",
            "samba-4.10.16-9.el7_9.x86_64.rpm",
            "ctdb-4.10.16-9.el7_9.x86_64.rpm",
            "samba-client-libs-4.10.16-9.el7_9.x86_64.rpm",
            "libwbclient-devel-4.10.16-9.el7_9.x86_64.rpm",
            "samba-common-4.10.16-9.el7_9.noarch.rpm",
            "samba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm",
            "samba-python-4.10.16-9.el7_9.x86_64.rpm",
            "samba-devel-4.10.16-9.el7_9.x86_64.rpm",
            "libsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm",
            "samba-winbind-4.10.16-9.el7_9.x86_64.rpm"
          ],
          "source": "samba-4.10.16-9.el7_9.src.rpm"
        },
        {
          "binary": [
            "openldap-devel-2.4.44-22.el7.x86_64.rpm",
            "openldap-servers-sql-2.4.44-22.el7.x86_64.rpm",
            "openldap-debuginfo-2.4.44-22.el7.x86_64.rpm",
            "openldap-2.4.44-22.el7.x86_64.rpm",
            "openldap-servers-2.4.44-22.el7.x86_64.rpm",
            "openldap-clients-2.4.44-22.el7.x86_64.rpm"
          ],
          "source": "openldap-2.4.44-22.el7.src.rpm"
        }
      ]
    }
  ]
}
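As an added verification step (example code written for this page, not part of the NewStart advisory or its tooling): the script below reads the advisory's fix list in the JSON format shown above, takes an rpm inventory in a fixed query format, and reports any installed package that is still older than the fixed build. Version ordering uses a reimplementation of rpm's segment-wise comparison so that releases such as `9.el7_9` and `5.el7` sort the way rpm itself sorts them (tilde handled, caret not implemented). The embedded inventory is constructed sample data; `RPM_QF`, `outdated_packages` and the `--live` flag are this example's own names, and epoch 0 is assumed for the advisory's packages because the filenames carry no epoch.

```python
import json
import re
import subprocess
import sys
from typing import Dict, List, Tuple

EVR = Tuple[int, str, str]  # (epoch, version, release)

# Subset of this advisory's "fix" list; package names and versions are the page's own,
# trimmed here so the example stays short.
FIX_JSON = r'''{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[
 {"binary":["samba-4.10.16-9.el7_9.x86_64.rpm","samba-libs-4.10.16-9.el7_9.x86_64.rpm",
            "samba-winbind-4.10.16-9.el7_9.x86_64.rpm","samba-common-4.10.16-9.el7_9.noarch.rpm"],
  "source":"samba-4.10.16-9.el7_9.src.rpm"},
 {"binary":["openldap-2.4.44-22.el7.x86_64.rpm","openldap-servers-2.4.44-22.el7.x86_64.rpm"],
  "source":"openldap-2.4.44-22.el7.src.rpm"}]}]}'''

# Query format handed to `rpm -qa --qf` (example's own choice of field order).
RPM_QF = "%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}|%{ARCH}\n"

# Constructed sample of `rpm -qa --qf "$RPM_QF"` from a host that has NOT yet applied
# the advisory (hypothetical inventory, not output from a real system).
SAMPLE_RPM_QA = """\
samba|(none)|4.10.16|5.el7|x86_64
samba-libs|(none)|4.10.16|5.el7|x86_64
samba-common|(none)|4.10.16|5.el7|noarch
openldap|(none)|2.4.44|22.el7|x86_64
openldap-servers|(none)|2.4.44|21.el7_6|x86_64
bash|(none)|4.2.46|34.el7|x86_64
"""

NVRA_RE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)\.rpm$")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 using rpm's segment rules: numeric runs compare numerically,
    alpha runs lexically, a numeric segment beats an alpha one, '~' sorts before
    everything (including end of string); separators are skipped. Caret is omitted."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if ta and tb:
                i += 1
                j += 1
                continue
            return -1 if ta else 1
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()
        pat = r"[0-9]+" if numeric else r"[A-Za-z]+"
        ma, mb = re.match(pat, a[i:]), re.match(pat, b[j:])
        if mb is None:  # segments of different kind: numeric is newer
            return 1 if numeric else -1
        sa, sb = ma.group(0), mb.group(0)
        i += len(sa)
        j += len(sb)
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever still has characters left wins


def evrcmp(a: EVR, b: EVR) -> int:
    """Epoch first, then version, then release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    c = rpmvercmp(a[1], b[1])
    return c if c else rpmvercmp(a[2], b[2])


def fixed_versions(fix_json: str, product: str) -> Dict[str, EVR]:
    """Map binary package name -> fixed EVR for one product. Advisory filenames carry
    no epoch, so epoch 0 is assumed (verify with rpm -q --qf '%{EPOCH}' if in doubt)."""
    fixed: Dict[str, EVR] = {}
    for entry in json.loads(fix_json)["fix"]:
        if entry["product"] != product:
            continue
        for pkg in entry["pkgs"]:
            for filename in pkg["binary"]:
                m = NVRA_RE.match(filename)
                if not m:
                    raise ValueError(f"unexpected rpm filename: {filename}")
                fixed[m["name"]] = (0, m["ver"], m["rel"])
    return fixed


def parse_installed(rpm_qa: str) -> Dict[str, EVR]:
    """Parse lines in RPM_QF format into name -> EVR; '(none)' epoch means 0."""
    installed: Dict[str, EVR] = {}
    for line in rpm_qa.splitlines():
        if not line.strip():
            continue
        name, epoch, ver, rel, _arch = line.split("|")
        installed[name] = (0 if epoch == "(none)" else int(epoch), ver, rel)
    return installed


def fmt(evr: EVR) -> str:
    return f"{evr[0]}:{evr[1]}-{evr[2]}"


def outdated_packages(installed: Dict[str, EVR], fixed: Dict[str, EVR]) -> List[Tuple[str, str, str]]:
    """Installed packages named in the advisory whose EVR is below the fixed EVR."""
    rows = []
    for name, have in sorted(installed.items()):
        want = fixed.get(name)
        if want is not None and evrcmp(have, want) < 0:
            rows.append((name, fmt(have), fmt(want)))
    return rows


if __name__ == "__main__":
    if "--live" in sys.argv:  # query the real rpm database instead of the sample
        inventory = subprocess.run(["rpm", "-qa", "--qf", RPM_QF], check=True,
                                   capture_output=True, text=True).stdout
    else:
        inventory = SAMPLE_RPM_QA
    rows = outdated_packages(parse_installed(inventory), fixed_versions(FIX_JSON, "CGSL MAIN 5.04"))
    for name, have, want in rows:
        print(f"{name}: installed {have} < fixed {want}")
    print("all advisory packages up to date" if not rows else f"{len(rows)} package(s) still need this update")
```

Run without arguments to see the sample inventory evaluated; with `--live` it queries the local rpm database. Packages the advisory lists but the host does not install (here `samba-winbind`) are not reported, since an absent package cannot be vulnerable; packages outside the advisory (`bash`) are ignored.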
CVE
References