|
|
Subscribe / Log in / New account

Mageia alert MGASA-2015-0084 (samba)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2015-0084: Updated samba packages fix CVE-2015-0240 


Date:
    	      Tue, 24 Feb 2015 22:20:36 +0100


Message-ID:
    	      <20150224212036.A295E403E9@valstar.mageia.org>


MGASA-2015-0084 - Updated samba packages fix CVE-2015-0240

Publication date: 24 Feb 2015
URL: http://advisories.mageia.org/MGASA-2015-0084.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2015-0240

Description:
Updated samba packages fix security vulnerabilities:

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A
malicious Samba client could send specially crafted netlogon packets that,
when processed by smbd, could potentially lead to arbitrary code execution
with the privileges of the user running smbd (by default, the root user)
(CVE-2015-0240).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15347
- https://securityblog.redhat.com/2015/02/23/samba-vulnerab...
- https://rhn.redhat.com/errata/RHSA-2015-0251.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240

SRPMS:
- 4/core/samba-3.6.25-1.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds