lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 28 Nov 2018 22:28:25 -0800 (PST)
From: Slackware Security Team <>
Subject: [slackware-security]  samba (SSA:2018-333-01)

Hash: SHA1

[slackware-security]  samba (SSA:2018-333-01)

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/samba-4.6.16-i586-2_slack14.2.txz:  Rebuilt.
  This update patches some security issues:
  CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server
  CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT
  CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server
  CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers
  CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
    configuration (unsupported)
  CVE-2018-16857: Bad password count in AD DC not always effective
  For more information, see:
  (* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
( for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on for
additional mirror sites near you.

Updated package for Slackware 14.0:

Updated package for Slackware x86_64 14.0:

Updated package for Slackware 14.1:

Updated package for Slackware x86_64 14.1:

Updated package for Slackware 14.2:

Updated package for Slackware x86_64 14.2:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:

Slackware 14.0 package:
ef6b5b109beaee70cf8a558dcc3ff3d4  samba-4.6.16-i486-2_slack14.0.txz

Slackware x86_64 14.0 package:
40b897540a27eb5daa3329a0e50fe0e8  samba-4.6.16-x86_64-2_slack14.0.txz

Slackware 14.1 package:
2bd298c4af25f04a1b24d2283bc0df4d  samba-4.6.16-i486-2_slack14.1.txz

Slackware x86_64 14.1 package:
8b31d1ae2e0da78e54c8add50b2022d8  samba-4.6.16-x86_64-2_slack14.1.txz

Slackware 14.2 package:
39da6c1775ca9510669591c32c13a9de  samba-4.6.16-i586-2_slack14.2.txz

Slackware x86_64 14.2 package:
79c2c4737179478277293fdf9400f056  samba-4.6.16-x86_64-2_slack14.2.txz

Slackware -current package:
8bee5f6f44e1110adfd30378cdb95664  n/samba-4.9.3-i586-1.txz

Slackware x86_64 -current package:
3b8e722a64af8a0190574ee4c5618e5b  n/samba-4.9.3-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
# upgradepkg samba-4.6.16-i586-2_slack14.2.txz

Then, if Samba is running restart it:

# /etc/rc.d/rc.samba restart


Slackware Linux Security Team

| To leave the slackware-security mailing list:                          |
| Send an email to with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |


Powered by blists - more mailing lists