Custom Query (19905 matches)
Results (112 - 114 of 19905)
Ticket | Owner | Reporter | Resolution | Summary |
---|---|---|---|---|
#11021 | fixed | samba-4.8.4 | ||
Description |
New point version.

NOTE: This release is designated as "critical" by the Samba team.

=============================
Release Notes for Samba 4.8.4
August 14, 2018
=============================

This is a security release in order to address the following defects:

o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP server.)

=======
Details
=======

o CVE-2018-1139: Vulnerability that allows authentication via NTLMv1 even if disabled.
o CVE-2018-1140: Missing null pointer checks may crash the Samba AD DC, both over DNS and LDAP.
o CVE-2018-10858: A malicious server could return a directory entry that could corrupt libsmbclient memory.
o CVE-2018-10918: Missing null pointer checks may crash the Samba AD DC, over the authenticated DRSUAPI RPC service.
o CVE-2018-10919: Missing access control checks allow discovery of confidential attribute values via authenticated LDAP search expressions.

Changes since 4.8.3:
--------------------

o Jeremy Allison <jra@samba.org>
  * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers.

o Andrew Bartlett <abartlet@samba.org>
  * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
  * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user.

o Tim Beale <timbeale@catalyst.net.nz>
  * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches.

o Günther Deschner <gd@samba.org>
  * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".

o Andrej Gessel <Andrej.Gessel@janztec.com>
  * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(). |
|||
#11217 | fixed | git-2.19.1 (Security update) | ||
Description |
New point version

Git v2.19.1 Release Notes
=========================

This release merges up the fixes that appear in v2.14.5 and in v2.17.2 to address the recently reported CVE-2018-17456; see the release notes for those versions for details.

Git 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1

These releases fix a security flaw (CVE-2018-17456), which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules.

When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field and blindly passes it as an argument to a "git clone" subprocess. If the URL field is set to a string that begins with a dash, this "git clone" subprocess interprets the URL as an option. This can lead to executing an arbitrary script shipped in the superproject as the user who ran "git clone".

In addition to fixing the security issue for the user running "clone", the 2.17.2, 2.18.1 and 2.19.1 releases have an "fsck" check which can be used to detect such malicious repository content when fetching or accepting a push. See "transfer.fsckObjects" in git-config(1).

Credit for finding and fixing this vulnerability goes to joernchen and Jeff King, respectively.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17456
https://lists.q42.co.uk/pipermail/git-announce/2018-October/000996.html

Marking as a highest priority vulnerability since a known-working exploit is out in the wild (I have a copy, but I'm not sharing it). |
|||
#11230 | fixed | New ghostscript escape from -dSAFER sandbox. | ||
Description |
Fixed upstream, exploitable from at least gimp and evince, possibly from okular. PoC in the wild. |