lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Yblmi-0002fL-5D@titan.mandriva.com>
Date: Sat, 28 Mar 2015 09:08:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:081 ] samba

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:081
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : samba
 Date    : March 28, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated samba packages fix security vulnerabilities:
 
 An uninitialized pointer use flaw was found in the Samba daemon
 (smbd). A malicious Samba client could send specially crafted netlogon
 packets that, when processed by smbd, could potentially lead to
 arbitrary code execution with the privileges of the user running smbd
 (by default, the root user) (CVE-2015-0240).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
 http://advisories.mageia.org/MGASA-2015-0084.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 4ac8f8f9652ad4ca155e19153c6899c8  mbs1/x86_64/lib64netapi0-3.6.25-1.mbs1.x86_64.rpm
 70811f103aaf352706212264cd1bdd07  mbs1/x86_64/lib64netapi-devel-3.6.25-1.mbs1.x86_64.rpm
 124038bf590e4b24d44032ff319877cb  mbs1/x86_64/lib64smbclient0-3.6.25-1.mbs1.x86_64.rpm
 8654538cb5fe0ec9f4e1f843b48bfe3e  mbs1/x86_64/lib64smbclient0-devel-3.6.25-1.mbs1.x86_64.rpm
 0a0b66090334e58925651eaf5a93db4b  mbs1/x86_64/lib64smbclient0-static-devel-3.6.25-1.mbs1.x86_64.rpm
 af20d1ba0b94c53e49dcd62e9dc2862b  mbs1/x86_64/lib64smbsharemodes0-3.6.25-1.mbs1.x86_64.rpm
 5e52b9faf84405b9082073077e573b2c  mbs1/x86_64/lib64smbsharemodes-devel-3.6.25-1.mbs1.x86_64.rpm
 46a0608a84712e469dd32918391e8c3d  mbs1/x86_64/lib64wbclient0-3.6.25-1.mbs1.x86_64.rpm
 b9244f130c1bdfc160d3d720088e38ba  mbs1/x86_64/lib64wbclient-devel-3.6.25-1.mbs1.x86_64.rpm
 c715497f62eeeafa889ff7471c79bdfc  mbs1/x86_64/nss_wins-3.6.25-1.mbs1.x86_64.rpm
 d22d02173ec97c95eb7328024b9e82ee  mbs1/x86_64/samba-client-3.6.25-1.mbs1.x86_64.rpm
 00bd57d9b85d09366628b1f46505bd85  mbs1/x86_64/samba-common-3.6.25-1.mbs1.x86_64.rpm
 9d4637b0de9d912bcd5506fed360d0a2  mbs1/x86_64/samba-doc-3.6.25-1.mbs1.noarch.rpm
 7d7f6be0de70100422674ae8cf5172a5  mbs1/x86_64/samba-domainjoin-gui-3.6.25-1.mbs1.x86_64.rpm
 55ea454169eb18e357a656872b9b6254  mbs1/x86_64/samba-server-3.6.25-1.mbs1.x86_64.rpm
 8ee941751deb9362569b7d6396747408  mbs1/x86_64/samba-swat-3.6.25-1.mbs1.x86_64.rpm
 05f58113d2b78614278ee9698d297e49  mbs1/x86_64/samba-virusfilter-clamav-3.6.25-1.mbs1.x86_64.rpm
 c8ed9bb7d1636d82ca1aad0100d058a4  mbs1/x86_64/samba-virusfilter-fsecure-3.6.25-1.mbs1.x86_64.rpm
 658617b2a62a7aba97bba8a0b81e2962  mbs1/x86_64/samba-virusfilter-sophos-3.6.25-1.mbs1.x86_64.rpm
 c8071cdc97727ad4749c522f8eb7e1ba  mbs1/x86_64/samba-winbind-3.6.25-1.mbs1.x86_64.rpm 
 ee22c6311d482ec4a8358d2d4a2a48e0  mbs1/SRPMS/samba-3.6.25-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFlNBmqjQ0CJFipgRAne5AJ4l/PaNKpbcDYC6cDmOgUTaiaedoACgm+Bk
2v2AIePJXBUsvmVJ9qs7z0M=
=ZeNI
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ