User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0279 (samba)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0279: Updated samba packages fix multiple vulnerabilities
Date:  Fri, 4 Jul 2014 19:57:33 +0200
Message-ID:  <20140704175733.3A9435A087@valstar.mageia.org>

MGASA-2014-0279 - Updated samba packages fix multiple vulnerabilities Publication date: 04 Jul 2014 URL: http://advisories.mageia.org/MGASA-2014-0279.html Type: security Affected Mageia releases: 3, 4 CVE: CVE-2014-0178, CVE-2014-0244, CVE-2014-3493 Description: Updated samba packages fix security vulnerabilities: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493). References: - http://www.samba.org/samba/security/CVE-2014-0178 - http://www.samba.org/samba/security/CVE-2014-0244 - http://www.samba.org/samba/security/CVE-2014-3493 - https://www.debian.org/security/2014/dsa-2966 - https://bugs.mageia.org/show_bug.cgi?id=13579 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493 SRPMS: - 4/core/samba-3.6.24-1.1.mga4 - 3/core/samba-3.6.15-1.6.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds