openSUSE Security Update : samba and resource-agents (openSUSE-2017-987) (Orpheus' Lyre)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update provides Samba 4.6.7, which fixes the following issues :

- CVE-2017-11103: Metadata were being taken from the
unauthenticated plaintext (the Ticket) rather than the
authenticated and encrypted KDC response. (bsc#1048278)

- Fix cephwrap_chdir(). (bsc#1048790)

- Fix ctdb logs to /var/log/log.ctdb instead of
/var/log/ctdb. (bsc#1048339)

- Fix inconsistent ctdb socket path. (bsc#1048352)

- Fix non-admin cephx authentication. (bsc#1048387)

- CTDB cannot start when there is no persistent database.

The CTDB resource agent was also fixed to not fail when the database
is empty.

This update was imported from the SUSE:SLE-12-SP3:Update update

See also :

Solution :

Update the affected samba and resource-agents packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: SuSE Local Security Checks

Nessus Plugin ID: 102849 ()

Bugtraq ID:

CVE ID: CVE-2017-11103

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now