Tue Mar 13 21:12:51 UTC 2018


a/time-1.9-x86_64-1.txz: Upgraded.
d/automake-1.16.1-noarch-1.txz: Upgraded.
l/imagemagick-6.9.9_38-x86_64-1.txz: Upgraded.
n/samba-4.7.6-x86_64-1.txz: Upgraded.
This is a security update in order to patch the following defects:
On a Samba 4 AD DC the LDAP server in all versions of Samba from
4.0.0 onwards incorrectly validates permissions to modify passwords
over LDAP allowing authenticated users to change any other users`
passwords, including administrative users.
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
service attack when the RPC spoolss service is configured to be run as
an external daemon. Missing input sanitization checks on some of the
input parameters to spoolss RPC calls could cause the print spooler
service to crash. There is no known vulnerability associated with this
error, merely a denial of service. If the RPC spoolss service is left by
default as an internal service, all a client can do is crash its own
authenticated connection.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-1057.html
https://wiki.samba.org/index.php/CVE-2018-1057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1050
(* Security fix *)
xap/mozilla-firefox-59.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)