Security update for samba (important)

ID OPENSUSE-SU-2015:0375-1
Type suse
Reporter Suse
Modified 2015-02-25T15:07:13


samba was updated to fix two security issues.

These security issues were fixed: - CVE-2015-0240: Ensure we don't call talloc_free on an uninitialized pointer (bnc#917376). - CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allowed remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation (bnc#914279).

Several non-security issues were fixed, please refer to the changes file.