lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1S2TFI-0005bv-Vx@titan.mandriva.com>
Date: Tue, 28 Feb 2012 21:02:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:025 ] samba

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:025
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : February 28, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in samba:
 
 Heap-based buffer overflow in process.c in smbd in Samba allows remote
 attackers to cause a denial of service (daemon crash) or possibly
 execute arbitrary code via a Batched (aka AndX) request that triggers
 infinite recursion (CVE-2012-0870).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 f1c5c40a39960bf0be8b4f7b0eb07f1c  mes5/i586/libnetapi0-3.3.12-0.8mdvmes5.2.i586.rpm
 c09851ea48666122ce67fb3bb5d863b7  mes5/i586/libnetapi-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 574874125ee63e520110e73158fa1c53  mes5/i586/libsmbclient0-3.3.12-0.8mdvmes5.2.i586.rpm
 ed39a5badbcb3dff984d099d995e4654  mes5/i586/libsmbclient0-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 37f6c8edc6af9e4439fe1cfa74162fd4  mes5/i586/libsmbclient0-static-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 e06527be75deb64802f8bfa4c266f9bc  mes5/i586/libsmbsharemodes0-3.3.12-0.8mdvmes5.2.i586.rpm
 9926b5aa94649fe5e4563d7d30eea094  mes5/i586/libsmbsharemodes-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 13ed1d18924705829149f27c89cff483  mes5/i586/libtalloc1-3.3.12-0.8mdvmes5.2.i586.rpm
 0dcc0cadaff5d3e9e9b26a4aa76320b9  mes5/i586/libtalloc-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 f66dc353d8f7cc28d9e9922bc731bd06  mes5/i586/libtdb1-3.3.12-0.8mdvmes5.2.i586.rpm
 87689dca4f04ccc56c8b7e2958f870a5  mes5/i586/libtdb-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 eac4493389bdd505786b2a813800ec21  mes5/i586/libwbclient0-3.3.12-0.8mdvmes5.2.i586.rpm
 0a4d9665399a405ec33352bac8b085d7  mes5/i586/libwbclient-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 31d01f8f5ac236bdeb5da6c0b1103c26  mes5/i586/mount-cifs-3.3.12-0.8mdvmes5.2.i586.rpm
 4d65a41c7adf287f33146cb51976c12f  mes5/i586/nss_wins-3.3.12-0.8mdvmes5.2.i586.rpm
 95851e4895bebace6a800c21411c2c98  mes5/i586/samba-client-3.3.12-0.8mdvmes5.2.i586.rpm
 615ae2342634aa724e233fe7c38e1021  mes5/i586/samba-common-3.3.12-0.8mdvmes5.2.i586.rpm
 593f4559e2e7927c3d2be07c75f69fc2  mes5/i586/samba-doc-3.3.12-0.8mdvmes5.2.i586.rpm
 082b8b10f48f87102f5f4e5734192274  mes5/i586/samba-server-3.3.12-0.8mdvmes5.2.i586.rpm
 671a8293f5c9970eff7f41a382ce1de8  mes5/i586/samba-swat-3.3.12-0.8mdvmes5.2.i586.rpm
 d0826b2d50dd03a8a2def0ab8217a10b  mes5/i586/samba-winbind-3.3.12-0.8mdvmes5.2.i586.rpm 
 e63162eb725a3c786a9d6ce6e3ffa834  mes5/SRPMS/samba-3.3.12-0.8mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 08052ae7f504d3afebc2592c4563cb26  mes5/x86_64/lib64netapi0-3.3.12-0.8mdvmes5.2.x86_64.rpm
 959b440b7a52de85774c7826c23e5a0d  mes5/x86_64/lib64netapi-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 4fbf3c6550bbd781101b19a5f59db31f  mes5/x86_64/lib64smbclient0-3.3.12-0.8mdvmes5.2.x86_64.rpm
 fa0e52cf4f492cb5d991ca5305f4eca7  mes5/x86_64/lib64smbclient0-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 3aab55b5470b2dd3fe21bc22aac57881  mes5/x86_64/lib64smbclient0-static-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 62faaa06906b9b03f73d130c30841e24  mes5/x86_64/lib64smbsharemodes0-3.3.12-0.8mdvmes5.2.x86_64.rpm
 2989b58fbd3b45bc9f59c252c694970f  mes5/x86_64/lib64smbsharemodes-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 7b02247f56fbae2c39148fbbdb2a9753  mes5/x86_64/lib64talloc1-3.3.12-0.8mdvmes5.2.x86_64.rpm
 c06c34fbdf4472157ce75f438c8975fe  mes5/x86_64/lib64talloc-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 05412945bb2a1b2be22aab619395366e  mes5/x86_64/lib64tdb1-3.3.12-0.8mdvmes5.2.x86_64.rpm
 a5d3e798398970a92129d182766049ab  mes5/x86_64/lib64tdb-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 fa4659a2d3591b354ed48fe4780e318a  mes5/x86_64/lib64wbclient0-3.3.12-0.8mdvmes5.2.x86_64.rpm
 a647ebd6ed3d00f8e0cf32db8deddd89  mes5/x86_64/lib64wbclient-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 5075846b37b482eee78d1390284d221f  mes5/x86_64/mount-cifs-3.3.12-0.8mdvmes5.2.x86_64.rpm
 08968a5c3682f2af4dab4433d3c4906c  mes5/x86_64/nss_wins-3.3.12-0.8mdvmes5.2.x86_64.rpm
 1f391d0c654c0efa93a4a9b90ff8abad  mes5/x86_64/samba-client-3.3.12-0.8mdvmes5.2.x86_64.rpm
 9d374a84dab147dd3a7e20f38032740f  mes5/x86_64/samba-common-3.3.12-0.8mdvmes5.2.x86_64.rpm
 fbc801397a2f7b94b06397aed9e037a8  mes5/x86_64/samba-doc-3.3.12-0.8mdvmes5.2.x86_64.rpm
 39fde58a25e8180b574cf6e5a8f7e432  mes5/x86_64/samba-server-3.3.12-0.8mdvmes5.2.x86_64.rpm
 d9f108c12ade5b0f8905cb453cdb99dc  mes5/x86_64/samba-swat-3.3.12-0.8mdvmes5.2.x86_64.rpm
 78f300cd217228b7e44d0845f2b29c53  mes5/x86_64/samba-winbind-3.3.12-0.8mdvmes5.2.x86_64.rpm 
 e63162eb725a3c786a9d6ce6e3ffa834  mes5/SRPMS/samba-3.3.12-0.8mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPTQdAmqjQ0CJFipgRAjl5AKCHFXTjEFCIjESHT9QE+lzC/znTUQCeKcKO
gBbgJhbdLqBQlAb9QBUHTIM=
=j351
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ