Project

General

Profile

Bug #41380

Update Samba port to address August CVEs

Added by Timur Bakeyev 11 months ago. Updated 11 months ago.

Status:
Done
Priority:
No priority
Assignee:
Timur Bakeyev
Category:
Services
Target version:
Seen in:
Severity:
High
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

There is a new bunch of Samba CVEs going to be disclosed on 08/14.

We need to update our Samba ports accordingly.


Related issues

Copied to FreeNAS - Bug #41385: Update Samba port to address August CVEsDone

Associated revisions

Revision b006ac15 (diff)
Added by Dru Lavigne 11 months ago

Mention version of Samba has been patched for CVEs.
Ticket: #41380

Revision 0be2d8aa (diff)
Added by Dru Lavigne 11 months ago

Mention version of Samba has been patched for CVEs.
Ticket: #41380

History

#1 Updated by Timur Bakeyev 11 months ago

  • Copied to Bug #41385: Update Samba port to address August CVEs added

#2 Updated by Timur Bakeyev 11 months ago

#3 Updated by Dru Lavigne 11 months ago

  • Status changed from Unscreened to In Progress

#4 Updated by Timur Bakeyev 11 months ago

  • Private changed from Yes to No

#5 Updated by Dru Lavigne 11 months ago

From https://www.samba.org/samba/latest_news.html#4.8.4:
CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.),
CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.),
CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP server.),
CVE-2018-1139 (Weak authentication protocol allowed.) and
CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.).

#8 Updated by Timur Bakeyev 11 months ago

  • Status changed from In Progress to Ready for Testing

#9 Updated by Dru Lavigne 11 months ago

  • Needs Merging changed from Yes to No

#10 Updated by Bonnie Follweiler 11 months ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

#12 Updated by Dru Lavigne 11 months ago

  • Status changed from Passed Testing to Done
  • Needs Doc changed from Yes to No

Also available in: Atom PDF