[Git][security-tracker-team/security-tracker][master] Add new samba issues

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1695a778 by Salvatore Bonaccorso at 2018-11-27T09:39:00Z
Add new samba issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9587,8 +9587,12 @@ CVE-2018-16859 [become password logged in plaintext when used with PowerShell on
 	- ansible <not-affected> (Only issue when executing Ansible playbooks on Windows platforms)
 CVE-2018-16858
 	RESERVED
-CVE-2018-16857
+CVE-2018-16857 [Bad password count in AD DC not always effective]
 	RESERVED
+	- samba <unfixed>
+	[stretch] - samba <not-affected> (Vulnerable code not present)
+	[jessie] - samba <not-affected> (Vulnerable code not present)
+	NOTE: https://www.samba.org/samba/security/CVE-2018-16857.html
 CVE-2018-16856 [Private keys written to world-readable log files]
 	RESERVED
 	- octavia <unfixed>
@@ -9604,12 +9608,23 @@ CVE-2018-16854 (A flaw was found in moodle before versions 3.6, 3.5.3, 3.4.6, 3.
 	- moodle <removed>
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=378731
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183
-CVE-2018-16853
-	RESERVED
-CVE-2018-16852
-	RESERVED
-CVE-2018-16851
-	RESERVED
+CVE-2018-16853 [Samba AD DC S4U2Self Crash in experimental MIT Kerberos configuration]
+	RESERVED
+	- samba <unfixed> (unimportant)
+	[stretch] - samba <not-affected> (Vulnerable code not present)
+	[jessie] - samba <not-affected> (Vulnerable code not present)
+	NOTE: https://www.samba.org/samba/security/CVE-2018-16853.html
+	NOTE: Samba in Debian is built with the default Heimdal Kerberos build
+CVE-2018-16852 [NULL pointer de-reference in Samba AD DC DNS servers]
+	RESERVED
+	- samba <unfixed>
+	[stretch] - samba <not-affected> (Vulnerable code not present)
+	[jessie] - samba <not-affected> (Vulnerable code not present)
+	NOTE: https://www.samba.org/samba/security/CVE-2018-16852.html
+CVE-2018-16851 [NULL pointer de-reference in Samba AD DC LDAP server]
+	RESERVED
+	- samba <unfixed>
+	NOTE: https://www.samba.org/samba/security/CVE-2018-16851.html
 CVE-2018-16850 (postgresql before versions 11.1, 10.6 is vulnerable to a to SQL ...)
 	- postgresql-11 11.1-1
 	- postgresql-10 <removed>
@@ -9658,8 +9673,11 @@ CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-bas
 	- curl 7.62.0-1
 	NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
-CVE-2018-16841
+CVE-2018-16841 [Double-free in Samba AD DC KDC with PKINIT]
 	RESERVED
+	- samba <unfixed>
+	[jessie] - samba <not-affected> (Vulnerable code not present)
+	NOTE: https://www.samba.org/samba/security/CVE-2018-16841.html
 CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59.0 ...)
 	- curl 7.62.0-1
 	[stretch] - curl <not-affected> (Use-after-free issue introduced later)
@@ -15210,8 +15228,10 @@ CVE-2018-14631 (moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a bo
 	- moodle <removed>
 CVE-2018-14630 (moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an ...)
 	- moodle <removed>
-CVE-2018-14629
+CVE-2018-14629 [Unprivileged adding of CNAME record causing loop in AD Internal DNS server]
 	RESERVED
+	- samba <unfixed>
+	NOTE: https://www.samba.org/samba/security/CVE-2018-14629.html
 CVE-2018-14628
 	RESERVED
 CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1695a778915e1a433739587ae60a00d9cff8fc10

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1695a778915e1a433739587ae60a00d9cff8fc10
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181127/abb4a79c/attachment.html>