svn commit: r486009 - head/security/vuxml
Timur I. Bakeyev
timur at FreeBSD.org
Tue Nov 27 13:45:55 UTC 2018
Author: timur
Date: Tue Nov 27 13:45:54 2018
New Revision: 486009
URL: https://svnweb.freebsd.org/changeset/ports/486009
Log:
Add an entry about new vulnerabilities in the Samba packages.
Security: CVE-2018-14629
CVE-2018-16841
CVE-2018-16851
CVE-2018-16852
CVE-2018-16853
CVE-2018-16857
Sponsored by: my wife
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Nov 27 13:41:27 2018 (r486008)
+++ head/security/vuxml/vuln.xml Tue Nov 27 13:45:54 2018 (r486009)
@@ -58,6 +58,84 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="54976998-f248-11e8-81e2-005056a311d1">
+ <topic>samba -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>samba46</name>
+ <range><le>4.6.16</le></range>
+ </package>
+ <package>
+ <name>samba47</name>
+ <range><lt>4.7.12</lt></range>
+ </package>
+ <package>
+ <name>samba48</name>
+ <range><lt>4.8.7</lt></range>
+ </package>
+ <package>
+ <name>samba49</name>
+ <range><lt>4.9.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The samba project reports:</p>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2018-14629.html">
+ <p>All versions of Samba from 4.0.0 onwards are vulnerable to infinite
+ query recursion caused by CNAME loops. Any dns record can be added via
+ ldap by an unprivileged user using the ldbadd tool, so this is a
+ security issue.</p>
+ </blockquote>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2018-16841.html">
+ <p>When configured to accept smart-card authentication, Samba's KDC will call
+ talloc_free() twice on the same memory if the principal in a validly signed
+ certificate does not match the principal in the AS-REQ.</p>
+ </blockquote>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2018-16851.html">
+ <p>During the processing of an LDAP search before Samba's AD DC returns
+ the LDAP entries to the client, the entries are cached in a single
+ memory object with a maximum size of 256MB. When this size is
+ reached, the Samba process providing the LDAP service will follow the
+ NULL pointer, terminating the process.</p>
+ </blockquote>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2018-16852.html">
+ <p>During the processing of an DNS zone in the DNS management DCE/RPC server,
+ the internal DNS server or the Samba DLZ plugin for BIND9, if the
+ DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
+ property is set, the server will follow a NULL pointer and terminate</p>
+ </blockquote>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2018-16853.html">
+ <p>A user in a Samba AD domain can crash the KDC when Samba is built in the
+ non-default MIT Kerberos configuration.</p>
+ </blockquote>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2018-16857.html">
+ <p>AD DC Configurations watching for bad passwords (to restrict brute forcing
+ of passwords) in a window of more than 3 minutes may not watch for bad
+ passwords at all.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.samba.org/samba/security/CVE-2018-14629.html</url>
+ <cvename>CVE-2018-14629</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2018-16841.html</url>
+ <cvename>CVE-2018-16841</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2018-16851.html</url>
+ <cvename>CVE-2018-16851</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2018-16852.html</url>
+ <cvename>CVE-2018-16852</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2018-16853.html</url>
+ <cvename>CVE-2018-16853</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2018-16857.html</url>
+ <cvename>CVE-2018-16857</cvename>
+ </references>
+ <dates>
+ <discovery>2018-08-14</discovery>
+ <entry>2018-08-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="ec49f6b5-ee39-11e8-b2f4-74d435b63d51">
<topic>php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter</topic>
<affects>
More information about the svn-ports-all
mailing list