Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1695a778 by Salvatore Bonaccorso at 2018-11-27T09:39:00Z
Add new samba issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9587,8 +9587,12 @@ CVE-2018-16859 [become password logged in plaintext when
used with PowerShell on
- ansible <not-affected> (Only issue when executing Ansible playbooks
on Windows platforms)
CVE-2018-16858
RESERVED
-CVE-2018-16857
+CVE-2018-16857 [Bad password count in AD DC not always effective]
RESERVED
+ - samba <unfixed>
+ [stretch] - samba <not-affected> (Vulnerable code not present)
+ [jessie] - samba <not-affected> (Vulnerable code not present)
+ NOTE: https://www.samba.org/samba/security/CVE-2018-16857.html
CVE-2018-16856 [Private keys written to world-readable log files]
RESERVED
- octavia <unfixed>
@@ -9604,12 +9608,23 @@ CVE-2018-16854 (A flaw was found in moodle before
versions 3.6, 3.5.3, 3.4.6, 3.
- moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=378731
NOTE:
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183
-CVE-2018-16853
- RESERVED
-CVE-2018-16852
- RESERVED
-CVE-2018-16851
- RESERVED
+CVE-2018-16853 [Samba AD DC S4U2Self Crash in experimental MIT Kerberos
configuration]
+ RESERVED
+ - samba <unfixed> (unimportant)
+ [stretch] - samba <not-affected> (Vulnerable code not present)
+ [jessie] - samba <not-affected> (Vulnerable code not present)
+ NOTE: https://www.samba.org/samba/security/CVE-2018-16853.html
+ NOTE: Samba in Debian is built with the default Heimdal Kerberos build
+CVE-2018-16852 [NULL pointer de-reference in Samba AD DC DNS servers]
+ RESERVED
+ - samba <unfixed>
+ [stretch] - samba <not-affected> (Vulnerable code not present)
+ [jessie] - samba <not-affected> (Vulnerable code not present)
+ NOTE: https://www.samba.org/samba/security/CVE-2018-16852.html
+CVE-2018-16851 [NULL pointer de-reference in Samba AD DC LDAP server]
+ RESERVED
+ - samba <unfixed>
+ NOTE: https://www.samba.org/samba/security/CVE-2018-16851.html
CVE-2018-16850 (postgresql before versions 11.1, 10.6 is vulnerable to a to
SQL ...)
- postgresql-11 11.1-1
- postgresql-10 <removed>
@@ -9658,8 +9673,11 @@ CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are
vulnerable to a heap-bas
- curl 7.62.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
NOTE: Fixed by:
https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
-CVE-2018-16841
+CVE-2018-16841 [Double-free in Samba AD DC KDC with PKINIT]
RESERVED
+ - samba <unfixed>
+ [jessie] - samba <not-affected> (Vulnerable code not present)
+ NOTE: https://www.samba.org/samba/security/CVE-2018-16841.html
CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from
7.59.0 ...)
- curl 7.62.0-1
[stretch] - curl <not-affected> (Use-after-free issue introduced later)
@@ -15210,8 +15228,10 @@ CVE-2018-14631 (moodle before versions 3.5.2, 3.4.5,
3.3.8 is vulnerable to a bo
- moodle <removed>
CVE-2018-14630 (moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is
vulnerable to an ...)
- moodle <removed>
-CVE-2018-14629
+CVE-2018-14629 [Unprivileged adding of CNAME record causing loop in AD
Internal DNS server]
RESERVED
+ - samba <unfixed>
+ NOTE: https://www.samba.org/samba/security/CVE-2018-14629.html
CVE-2018-14628
RESERVED
CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly before version 14.0.0
does not ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1695a778915e1a433739587ae60a00d9cff8fc10
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1695a778915e1a433739587ae60a00d9cff8fc10
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
