SUSE-SU-2017:1392-1

UNKNOWN

Security update for samba

Published May 24, 2017

Modified 8 years ago

Fix available

Details

This update for samba fixes the following issue:

An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231]

Affected Packages(77 packages)

libdcerpc-binding0

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

libdcerpc-binding0-32bit

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

libdcerpc0

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

libdcerpc0-32bit

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

libgensec0

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

libgensec0-32bit

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

libndr-krb5pac0

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

libndr-krb5pac0-32bit

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

libndr-nbt0

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

libndr-nbt0-32bit

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

4.2.4-28.14.1

References

REPORT

https://bugzilla.suse.com/1038231

WEB

https://www.suse.com/security/cve/CVE-2017-7494

ADVISORY

https://www.suse.com/support/update/announcement/2017/suse-su-20171392-1/

Upstream

CVE-2017-7494

Ecosystems(10)

SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise High Availability Extension 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2

Timeline

PublishedMay 24, 2017

ModifiedMay 24, 2017

SUSE-SU-2017:1392-1 | Mondoo Vulnerability Intelligence