Security Advisory Details

NS-SA-2021-0167

2021-09-24 11:21:19

Summary

critical: subversion/samba security update

Severity

critical

Topic

An update for subversion/samba is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

subversion: This package includes the Ruby bindings to the Subversion libraries.
samba: The samba-client package provides some SMB/CIFS clients to complement the built-in SMB/CIFS filesystem in Linux. These clients allow access to SMB/CIFS shares and printing to SMB/CIFS printers.


Security Fix(es):
subversion: In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. (CVE-2018-11782)
subversion: bugfix
samba: A flaw was found in samba. When log levels are set at 3 or higher, the string obtained from the client, after a failed character conversion, is printed, which could cause long-lived processes to terminate. The highest threat from this vulnerability is to system availability. (CVE-2019-14907)
samba: A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-1472)
samba: A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14323)
samba: A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality. (CVE-2020-14318)
samba: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F11B5.
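As an added defender's check, not part of this advisory or of NewStart's tooling, the following Python compares installed RPM name/version/release triples against the fixed versions this advisory lists (subversion-1.7.14-16.el7 and samba-4.10.16-9.el7_9). The `rpm -qa` sample is constructed, and the simplified comparator assumes equal epochs and ignores tilde/caret ordering.

```python
import re
# Fixed (version, release) per source package, from the source RPM names in
# this advisory: subversion-1.7.14-16.el7 and samba-4.10.16-9.el7_9.
FIXED = {"subversion": ("1.7.14", "16.el7"), "samba": ("4.10.16", "9.el7_9")}

# Binary name prefixes built from each source package, taken from the advisory's
# binary list (mod_dav_svn from subversion; libwbclient, libsmbclient, ctdb from samba).
BINARY_PREFIXES = {"subversion": ("subversion", "mod_dav_svn"),
                   "samba": ("samba", "libwbclient", "libsmbclient", "ctdb")}
# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` output,
# not taken from a real host. Epoch is assumed equal (0) for every package.
SAMPLE_RPM_QA = """\
subversion-libs 1.7.14 14.el7
mod_dav_svn 1.7.14 16.el7
samba-client 4.10.16 9.el7_9
libwbclient 4.10.4 10.el7
"""

def rpm_vercmp(a, b):
    """Simplified rpmvercmp: digit runs and letter runs are segments, numeric
    segments compare as ints and outrank alpha; returns -1, 0 or 1."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer string is newer

def source_of(name):
    # Map a binary package name to its advisory source package, or None.
    for src, prefixes in BINARY_PREFIXES.items():
        if any(name == p or name.startswith(p + "-") for p in prefixes):
            return src
    return None

def check(rpm_qa_output):
    """Label each installed package this advisory covers 'patched' or 'vulnerable'."""
    result = {}
    for line in rpm_qa_output.splitlines():
        name, version, release = line.split()
        src = source_of(name)
        if src is None:
            continue  # package not covered by this advisory
        fv, fr = FIXED[src]
        cmp = rpm_vercmp(version, fv) or rpm_vercmp(release, fr)
        result[name] = "patched" if cmp >= 0 else "vulnerable"
    return result
```

Feed it the real `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` output from a CGSL 5.05 host to see which of the advisory's packages still need the build-tag 5.05.F11B5 update.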

Affected Components

  • subversion
  • samba

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Update Packages

CGSL MAIN 5.05

  • Source: subversion-1.7.14-16.el7.src.rpm
    Binary: subversion-ruby-1.7.14-16.el7.x86_64.rpm, subversion-gnome-1.7.14-16.el7.x86_64.rpm, subversion-javahl-1.7.14-16.el7.x86_64.rpm, subversion-devel-1.7.14-16.el7.x86_64.rpm, subversion-1.7.14-16.el7.x86_64.rpm, subversion-kde-1.7.14-16.el7.x86_64.rpm, subversion-perl-1.7.14-16.el7.x86_64.rpm, mod_dav_svn-1.7.14-16.el7.x86_64.rpm, subversion-tools-1.7.14-16.el7.x86_64.rpm, subversion-libs-1.7.14-16.el7.x86_64.rpm, subversion-python-1.7.14-16.el7.x86_64.rpm
  • Source: samba-4.10.16-9.el7_9.src.rpm
    Binary: samba-common-tools-4.10.16-9.el7_9.x86_64.rpm, libwbclient-4.10.16-9.el7_9.x86_64.rpm, samba-dc-libs-4.10.16-9.el7_9.x86_64.rpm, samba-pidl-4.10.16-9.el7_9.noarch.rpm, samba-libs-4.10.16-9.el7_9.x86_64.rpm, samba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm, samba-test-4.10.16-9.el7_9.x86_64.rpm, samba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm, samba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm, samba-test-libs-4.10.16-9.el7_9.x86_64.rpm, samba-python-test-4.10.16-9.el7_9.x86_64.rpm, samba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm, samba-client-4.10.16-9.el7_9.x86_64.rpm, samba-dc-4.10.16-9.el7_9.x86_64.rpm, samba-common-libs-4.10.16-9.el7_9.x86_64.rpm, libsmbclient-4.10.16-9.el7_9.x86_64.rpm, samba-4.10.16-9.el7_9.x86_64.rpm, samba-client-libs-4.10.16-9.el7_9.x86_64.rpm, libwbclient-devel-4.10.16-9.el7_9.x86_64.rpm, samba-common-4.10.16-9.el7_9.noarch.rpm, samba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm, samba-python-4.10.16-9.el7_9.x86_64.rpm, samba-devel-4.10.16-9.el7_9.x86_64.rpm, samba-winbind-4.10.16-9.el7_9.x86_64.rpm

CGSL CORE 5.05

  • Source: subversion-1.7.14-16.el7.src.rpm
    Binary: subversion-ruby-1.7.14-16.el7.x86_64.rpm, subversion-gnome-1.7.14-16.el7.x86_64.rpm, subversion-javahl-1.7.14-16.el7.x86_64.rpm, subversion-devel-1.7.14-16.el7.x86_64.rpm, subversion-1.7.14-16.el7.x86_64.rpm, subversion-kde-1.7.14-16.el7.x86_64.rpm, subversion-perl-1.7.14-16.el7.x86_64.rpm, mod_dav_svn-1.7.14-16.el7.x86_64.rpm, subversion-tools-1.7.14-16.el7.x86_64.rpm, subversion-libs-1.7.14-16.el7.x86_64.rpm, subversion-python-1.7.14-16.el7.x86_64.rpm
  • Source: samba-4.10.16-9.el7_9.src.rpm
    Binary: samba-common-tools-4.10.16-9.el7_9.x86_64.rpm, libwbclient-4.10.16-9.el7_9.x86_64.rpm, samba-dc-libs-4.10.16-9.el7_9.x86_64.rpm, samba-pidl-4.10.16-9.el7_9.noarch.rpm, samba-libs-4.10.16-9.el7_9.x86_64.rpm, samba-krb5-printing-4.10.16-9.el7_9.x86_64.rpm, samba-test-4.10.16-9.el7_9.x86_64.rpm, samba-winbind-krb5-locator-4.10.16-9.el7_9.x86_64.rpm, samba-winbind-clients-4.10.16-9.el7_9.x86_64.rpm, samba-test-libs-4.10.16-9.el7_9.x86_64.rpm, samba-python-test-4.10.16-9.el7_9.x86_64.rpm, samba-winbind-modules-4.10.16-9.el7_9.x86_64.rpm, samba-client-4.10.16-9.el7_9.x86_64.rpm, samba-dc-4.10.16-9.el7_9.x86_64.rpm, ctdb-tests-4.10.16-9.el7_9.x86_64.rpm, samba-common-libs-4.10.16-9.el7_9.x86_64.rpm, libsmbclient-4.10.16-9.el7_9.x86_64.rpm, samba-4.10.16-9.el7_9.x86_64.rpm, ctdb-4.10.16-9.el7_9.x86_64.rpm, samba-client-libs-4.10.16-9.el7_9.x86_64.rpm, libwbclient-devel-4.10.16-9.el7_9.x86_64.rpm, samba-common-4.10.16-9.el7_9.noarch.rpm, samba-vfs-glusterfs-4.10.16-9.el7_9.x86_64.rpm, samba-python-4.10.16-9.el7_9.x86_64.rpm, samba-devel-4.10.16-9.el7_9.x86_64.rpm, libsmbclient-devel-4.10.16-9.el7_9.x86_64.rpm, samba-winbind-4.10.16-9.el7_9.x86_64.rpm

CVE

References