New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 8.9
SynopsisThe remote openSUSE host is missing a security update.
Descriptionsamba was updated to fix two security issues.
These security issues were fixed :
- CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized pointer (bnc#917376).
- CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allowed remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (bnc#914279).
Several non-security issues were fixed, please refer to the changes file.
SolutionUpdate the affected samba packages.