samba: multiple vulnerabilities

Package(s):

samba

CVE #(s):

CVE-2014-0178 CVE-2014-0244 CVE-2014-3493

Created:

June 23, 2014

Updated:

July 31, 2014

Description:

From the Debian advisory:

CVE-2014-0178: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled.

CVE-2014-0244: Denial of service (infinite CPU loop) in the nmbd Netbios name service daemon. A malformed packet can cause the nmbd server to enter an infinite loop, preventing it to process later requests to the Netbios name service.

CVE-2014-3493: Denial of service (daemon crash) in the smbd file server daemon. An authenticated user attempting to read a Unicode path using a non-Unicode request can force the daemon to overwrite memory at an invalid address.

Alerts:

Mandriva	MDVSA-2015:082	samba	2015-03-28
Gentoo	201502-15	samba	2015-02-25
Oracle	ELSA-2014-1009	samba4	2014-08-05
openSUSE	openSUSE-SU-2014:0944-1	samba	2014-07-30
Oracle	ELSA-2014-0867	samba	2014-07-23
Mandriva	MDVSA-2014:136	samba	2014-07-11
Scientific Linux	SLSA-2014:0866-1	samba and samba3x	2014-07-09
Oracle	ELSA-2014-0866	samba, samba3x	2014-07-09
Oracle	ELSA-2014-0866	samba, samba3x	2014-07-09
CentOS	CESA-2014:0866	samba, samba3x	2014-07-09
CentOS	CESA-2014:0866	samba, samba3x	2014-07-09
CentOS	CESA-2014:0867	samba	2014-07-09
Red Hat	RHSA-2014:0866-01	samba, samba3x	2014-07-09
Red Hat	RHSA-2014:0867-01	samba	2014-07-09
Fedora	FEDORA-2014-7654	samba	2014-07-09
Mageia	MGASA-2014-0279	samba	2014-07-04
openSUSE	openSUSE-SU-2014:0857-1	samba	2014-07-01
openSUSE	openSUSE-SU-2014:0859-1	samba	2014-07-01
Ubuntu	USN-2257-1	samba	2014-06-26
Fedora	FEDORA-2014-7672	samba	2014-06-26
Slackware	SSA:2014-175-04	samba	2014-06-24
Debian	DSA-2966-1	samba	2014-06-23