Log

AVG-1203 created at 10 Jul 2020 12:31:24
Packages
+ webkit2gtk
Issues
+ CVE-2020-9802
+ CVE-2020-9803
+ CVE-2020-9805
+ CVE-2020-9806
+ CVE-2020-9807
+ CVE-2020-9843
+ CVE-2020-9850
+ CVE-2020-13753
Status
+ Fixed
Severity
+ Unknown
Affected
+ 2.28.2-2
Fixed
+ 2.28.3-1
Ticket
Advisory qualified
+ Yes
References
+ https://webkitgtk.org/security/WSA-2020-0006.html
Notes
CVE-2020-9850 created at 10 Jul 2020 12:31:24
AVG-1203 created at 10 Jul 2020 12:31:24
Packages
+ webkit2gtk
Issues
+ CVE-2020-9802
+ CVE-2020-9803
+ CVE-2020-9805
+ CVE-2020-9806
+ CVE-2020-9807
+ CVE-2020-9843
+ CVE-2020-9850
+ CVE-2020-13753
Status
+ Fixed
Severity
+ Unknown
Affected
+ 2.28.2-2
Fixed
+ 2.28.3-1
Ticket
Advisory qualified
+ Yes
References
+ https://webkitgtk.org/security/WSA-2020-0006.html
Notes
CVE-2020-9803 created at 10 Jul 2020 12:31:24
CVE-2020-14303 edited at 08 Jul 2020 08:43:08
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A Samba user could send an empty UDP packet to cause the Samba server to crash.
References
+ https://www.samba.org/samba/security/CVE-2020-14303.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=1851298
+ https://download.samba.org/pub/samba/patches/security/samba-4.12.3-security-2020-07-02.patch
Notes
+ The NBT server (UDP port 137) is provided by nmbd in the file-server configuration, which is not impacted by this issue.
+
+ In the AD DC, the NBT server can be disabled with 'disable netbios = yes'.
CVE-2020-10760 edited at 08 Jul 2020 08:42:21
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A use-after-free flaw was found in all Samba LDAP server versions before 4.10.17, before 4.11.11 and before 4.12.4 used in an AD DC configuration. A Samba LDAP user could use this flaw to crash Samba.
References
+ https://www.samba.org/samba/security/CVE-2020-10760.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=1849509
+ https://download.samba.org/pub/samba/patches/security/samba-4.12.3-security-2020-07-02.patch
Notes
+ By default, Samba 4.10 is run using the "standard" process model which is one-process-per-client. (Later versions use 'prefork').
+ This is controlled by the -M or --model parameter to the samba binary.
+ All Samba versions are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (however this will use more memory, and may cause resource exhaustion).
CVE-2020-10730 edited at 08 Jul 2020 08:41:05
References
https://www.samba.org/samba/security/CVE-2020-10730.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=1849489
https://download.samba.org/pub/samba/patches/security/samba-4.12.3-security-2020-07-02.patch
CVE-2020-10745 edited at 08 Jul 2020 08:40:39
Notes
+ The vulnerable DNS server (port 53) and NBT server (port 139) are only provided when Samba runs as an Active Directory DC. The implementation provided by nmbd in the file-server configuration is not subject to this issue. In the AD DC, the NBT server can be disabled with 'disable netbios = yes'.
AVG-1202 edited at 08 Jul 2020 08:40:11
Severity
- Medium
+ High
CVE-2020-10730 edited at 08 Jul 2020 08:40:11
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference.
References
+ https://www.samba.org/samba/security/CVE-2020-10730.html
+ https://download.samba.org/pub/samba/patches/security/samba-4.12.3-security-2020-07-02.patch
AVG-1202 edited at 08 Jul 2020 08:18:06
Severity
- Unknown
+ Medium
CVE-2020-10745 edited at 08 Jul 2020 08:18:06
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP and DNS packets. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU, resulting in a denial of service.
References
+ https://www.samba.org/samba/security/CVE-2020-10745.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=1849491
+ https://download.samba.org/pub/samba/patches/security/samba-4.12.3-security-2020-07-02.patch
Notes
AVG-1202 edited at 08 Jul 2020 08:11:39
Issues
+ CVE-2020-10730
CVE-2020-10745
+ CVE-2020-10760
+ CVE-2020-14303
References
https://www.samba.org/samba/security/CVE-2020-10745.html
+ https://www.samba.org/samba/security/CVE-2020-10730.html
+ https://www.samba.org/samba/security/CVE-2020-10760.html
+ https://www.samba.org/samba/security/CVE-2020-14303.html
CVE-2020-10730 created at 08 Jul 2020 08:11:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-1202 edited at 08 Jul 2020 08:11:39
Issues
+ CVE-2020-10730
CVE-2020-10745
+ CVE-2020-10760
+ CVE-2020-14303
References
https://www.samba.org/samba/security/CVE-2020-10745.html
+ https://www.samba.org/samba/security/CVE-2020-10730.html
+ https://www.samba.org/samba/security/CVE-2020-10760.html
+ https://www.samba.org/samba/security/CVE-2020-14303.html
CVE-2020-14303 created at 08 Jul 2020 08:11:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes