Bugtraq mailing list archives
[ MDVSA-2015:081 ] samba
From: security () mandriva com
Date: Sat, 28 Mar 2015 09:08:00 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:081 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : samba Date : March 28, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated samba packages fix security vulnerabilities: An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240 http://advisories.mageia.org/MGASA-2015-0084.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 4ac8f8f9652ad4ca155e19153c6899c8 mbs1/x86_64/lib64netapi0-3.6.25-1.mbs1.x86_64.rpm 70811f103aaf352706212264cd1bdd07 mbs1/x86_64/lib64netapi-devel-3.6.25-1.mbs1.x86_64.rpm 124038bf590e4b24d44032ff319877cb mbs1/x86_64/lib64smbclient0-3.6.25-1.mbs1.x86_64.rpm 8654538cb5fe0ec9f4e1f843b48bfe3e mbs1/x86_64/lib64smbclient0-devel-3.6.25-1.mbs1.x86_64.rpm 0a0b66090334e58925651eaf5a93db4b mbs1/x86_64/lib64smbclient0-static-devel-3.6.25-1.mbs1.x86_64.rpm af20d1ba0b94c53e49dcd62e9dc2862b mbs1/x86_64/lib64smbsharemodes0-3.6.25-1.mbs1.x86_64.rpm 5e52b9faf84405b9082073077e573b2c mbs1/x86_64/lib64smbsharemodes-devel-3.6.25-1.mbs1.x86_64.rpm 46a0608a84712e469dd32918391e8c3d mbs1/x86_64/lib64wbclient0-3.6.25-1.mbs1.x86_64.rpm b9244f130c1bdfc160d3d720088e38ba mbs1/x86_64/lib64wbclient-devel-3.6.25-1.mbs1.x86_64.rpm c715497f62eeeafa889ff7471c79bdfc mbs1/x86_64/nss_wins-3.6.25-1.mbs1.x86_64.rpm d22d02173ec97c95eb7328024b9e82ee mbs1/x86_64/samba-client-3.6.25-1.mbs1.x86_64.rpm 00bd57d9b85d09366628b1f46505bd85 mbs1/x86_64/samba-common-3.6.25-1.mbs1.x86_64.rpm 9d4637b0de9d912bcd5506fed360d0a2 mbs1/x86_64/samba-doc-3.6.25-1.mbs1.noarch.rpm 7d7f6be0de70100422674ae8cf5172a5 mbs1/x86_64/samba-domainjoin-gui-3.6.25-1.mbs1.x86_64.rpm 55ea454169eb18e357a656872b9b6254 mbs1/x86_64/samba-server-3.6.25-1.mbs1.x86_64.rpm 8ee941751deb9362569b7d6396747408 mbs1/x86_64/samba-swat-3.6.25-1.mbs1.x86_64.rpm 05f58113d2b78614278ee9698d297e49 mbs1/x86_64/samba-virusfilter-clamav-3.6.25-1.mbs1.x86_64.rpm c8ed9bb7d1636d82ca1aad0100d058a4 mbs1/x86_64/samba-virusfilter-fsecure-3.6.25-1.mbs1.x86_64.rpm 658617b2a62a7aba97bba8a0b81e2962 mbs1/x86_64/samba-virusfilter-sophos-3.6.25-1.mbs1.x86_64.rpm c8071cdc97727ad4749c522f8eb7e1ba mbs1/x86_64/samba-winbind-3.6.25-1.mbs1.x86_64.rpm ee22c6311d482ec4a8358d2d4a2a48e0 mbs1/SRPMS/samba-3.6.25-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVFlNBmqjQ0CJFipgRAne5AJ4l/PaNKpbcDYC6cDmOgUTaiaedoACgm+Bk 2v2AIePJXBUsvmVJ9qs7z0M= =ZeNI -----END PGP SIGNATURE-----
Current thread:
- [ MDVSA-2015:081 ] samba security (Mar 30)