Mageia alert MGASA-2014-0279 (samba)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2014-0279: Updated samba packages fix multiple vulnerabilities 
Date:
    	     
 
Fri, 4 Jul 2014 19:57:33 +0200
Message-ID:
    	     
 
<20140704175733.3A9435A087@valstar.mageia.org>
MGASA-2014-0279 - Updated samba packages fix multiple vulnerabilities

Publication date: 04 Jul 2014
URL: http://advisories.mageia.org/MGASA-2014-0279.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-0178,
     CVE-2014-0244,
     CVE-2014-3493

Description:
Updated samba packages fix security vulnerabilities:

Information leak vulnerability in the VFS code, allowing an authenticated
user to retrieve eight bytes of uninitialized memory when shadow copy is
enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial
of service on the nmbd NetBIOS name services daemon. A malformed packet
can cause the nmbd server to loop the CPU and prevent any further NetBIOS
name service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial
of service crash involving overwriting memory on an authenticated
connection to the smbd file server (CVE-2014-3493).

References:
- http://www.samba.org/samba/security/CVE-2014-0178
- http://www.samba.org/samba/security/CVE-2014-0244
- http://www.samba.org/samba/security/CVE-2014-3493
- https://www.debian.org/security/2014/dsa-2966
- https://bugs.mageia.org/show_bug.cgi?id=13579
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493

SRPMS:
- 4/core/samba-3.6.24-1.1.mga4
- 3/core/samba-3.6.15-1.6.mga3