安全公告详情

NS-SA-2022-0058

2022-05-08 20:35:23

简介

critical: samba/sane-backends security update

严重级别

critical

主题

An update for samba/sane-backends is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

samba: This package provides debug information for package ctdb-tests. Debug information is useful when developing applications that use this package or when debugging this package.
sane-backends: This package provides debug sources for package sane-backends. Debug sources are useful when developing applications that use this package or when debugging this package.


Security Fix(es):
samba: A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-1472)
samba: A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality.(CVE-2020-14318)
samba: A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-14323)
samba: bugfix
sane-backends: A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.(CVE-2020-12867)
sane-backends: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.80B5.

影响组件

  • samba
  • sane-backends

影响产品

  • CGSL MAIN 6.02

更新包

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["ctdb-tests-debuginfo-4.13.3-3.el8.x86_64.rpm","python3-samba-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-test-libs-4.13.3-3.el8.x86_64.rpm","samba-vfs-glusterfs-debuginfo-4.13.3-3.el8.x86_64.rpm","ctdb-tests-4.13.3-3.el8.x86_64.rpm","libwbclient-devel-4.13.3-3.el8.x86_64.rpm","samba-winbind-clients-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-winbind-clients-4.13.3-3.el8.x86_64.rpm","libsmbclient-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-libs-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-debugsource-4.13.3-3.el8.x86_64.rpm","ctdb-debuginfo-4.13.3-3.el8.x86_64.rpm","python3-samba-4.13.3-3.el8.x86_64.rpm","samba-krb5-printing-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-common-libs-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-pidl-4.13.3-3.el8.noarch.rpm","samba-client-debuginfo-4.13.3-3.el8.x86_64.rpm","libwbclient-4.13.3-3.el8.x86_64.rpm","samba-test-debuginfo-4.13.3-3.el8.x86_64.rpm","ctdb-4.13.3-3.el8.x86_64.rpm","samba-client-libs-4.13.3-3.el8.x86_64.rpm","samba-krb5-printing-4.13.3-3.el8.x86_64.rpm","samba-4.13.3-3.el8.x86_64.rpm","samba-winexe-4.13.3-3.el8.x86_64.rpm","python3-samba-test-4.13.3-3.el8.x86_64.rpm","samba-client-libs-debuginfo-4.13.3-3.el8.x86_64.rpm","libsmbclient-4.13.3-3.el8.x86_64.rpm","samba-winbind-modules-4.13.3-3.el8.x86_64.rpm","samba-common-tools-4.13.3-3.el8.x86_64.rpm","python3-samba-devel-4.13.3-3.el8.x86_64.rpm","samba-winbind-krb5-locator-4.13.3-3.el8.x86_64.rpm","samba-libs-4.13.3-3.el8.x86_64.rpm","samba-common-tools-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-vfs-glusterfs-4.13.3-3.el8.x86_64.rpm","samba-client-4.13.3-3.el8.x86_64.rpm","samba-devel-4.13.3-3.el8.x86_64.rpm","samba-common-libs-4.13.3-3.el8.x86_64.rpm","libsmbclient-devel-4.13.3-3.el8.x86_64.rpm","samba-common-4.13.3-3.el8.noarch.rpm","samba-winbind-modules-debuginfo-4.13.3-3.el8.x86_64.rpm","libwbclient-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-winbind-4.13.3-3.el8.x86_64.rpm","samba-test-libs-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-winexe-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-winbind-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-winbind-krb5-locator-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-debuginfo-4.13.3-3.el8.x86_64.rpm","samba-test-4.13.3-3.el8.x86_64.rpm"],"source":"samba-4.13.3-3.el8.src.rpm"},{"binary":["sane-backends-libs-debuginfo-1.0.27-22.el8.x86_64.rpm","sane-backends-debugsource-1.0.27-22.el8.x86_64.rpm","sane-backends-drivers-cameras-debuginfo-1.0.27-22.el8.x86_64.rpm","sane-backends-debuginfo-1.0.27-22.el8.x86_64.rpm","sane-backends-daemon-debuginfo-1.0.27-22.el8.x86_64.rpm","sane-backends-drivers-scanners-debuginfo-1.0.27-22.el8.x86_64.rpm","sane-backends-1.0.27-22.el8.x86_64.rpm","sane-backends-drivers-scanners-1.0.27-22.el8.x86_64.rpm","sane-backends-drivers-cameras-1.0.27-22.el8.x86_64.rpm","sane-backends-doc-1.0.27-22.el8.noarch.rpm","sane-backends-devel-1.0.27-22.el8.x86_64.rpm","sane-backends-daemon-1.0.27-22.el8.x86_64.rpm","sane-backends-libs-1.0.27-22.el8.x86_64.rpm"],"source":"sane-backends-1.0.27-22.el8.src.rpm"}]}]}

CVE

参考