lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1SQLz7-0004OL-BO@titan.mandriva.com>
Date: Fri, 04 May 2012 19:08:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:070 ] samba

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:070
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : May 4, 2012
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in samba:
 
 A file existence dislosure flaw was found in the way mount.cifs tool
 of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS
 (Common Internet File System) filesystem. A local user, able to
 mount a remote CIFS share / target to a local directory could use
 this flaw to confirm (non) existence of a file system object (file,
 directory or process descriptor) via error messages generated during
 the mount.cifs tool run (CVE-2012-1586).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1586
 https://bugzilla.samba.org/show_bug.cgi?id=8821
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 dd496662bedc161b26294dae8fb3ec6a  2010.1/i586/libnetapi0-3.5.3-3.7mdv2010.2.i586.rpm
 fa3eff21e8c15fdd00a0b09d784f8a75  2010.1/i586/libnetapi-devel-3.5.3-3.7mdv2010.2.i586.rpm
 46f6c0838f1322501be976b0b108ee01  2010.1/i586/libsmbclient0-3.5.3-3.7mdv2010.2.i586.rpm
 09d1da486d9c8dc917c3fcd33e67e9a8  2010.1/i586/libsmbclient0-devel-3.5.3-3.7mdv2010.2.i586.rpm
 166127d2117775be61368b8a1d414d92  2010.1/i586/libsmbclient0-static-devel-3.5.3-3.7mdv2010.2.i586.rpm
 5c3eb8d716160a3e1b644dacbfeb6a80  2010.1/i586/libsmbsharemodes0-3.5.3-3.7mdv2010.2.i586.rpm
 3936bd1a76b6e3488953742e9dc1cdbd  2010.1/i586/libsmbsharemodes-devel-3.5.3-3.7mdv2010.2.i586.rpm
 f326643fb6217d37f4392928ab3b9785  2010.1/i586/libwbclient0-3.5.3-3.7mdv2010.2.i586.rpm
 798003779c5f818110c282dfa9c82149  2010.1/i586/libwbclient-devel-3.5.3-3.7mdv2010.2.i586.rpm
 ff9d703897f4518e0ea553ea4fc27ba7  2010.1/i586/mount-cifs-3.5.3-3.7mdv2010.2.i586.rpm
 2815ec4bf56d7761d545cf00afaec268  2010.1/i586/nss_wins-3.5.3-3.7mdv2010.2.i586.rpm
 9e44d314f92c8cf23de00f29c2b2cd7b  2010.1/i586/samba-client-3.5.3-3.7mdv2010.2.i586.rpm
 ea6957734016133ad7d2e6c174fe4244  2010.1/i586/samba-common-3.5.3-3.7mdv2010.2.i586.rpm
 1b3eae9886f6c213cb39cbba7df6c613  2010.1/i586/samba-doc-3.5.3-3.7mdv2010.2.i586.rpm
 95804ad6721490f9f0364e52b0553015  2010.1/i586/samba-domainjoin-gui-3.5.3-3.7mdv2010.2.i586.rpm
 182e34741505e99493285b7fa645526a  2010.1/i586/samba-server-3.5.3-3.7mdv2010.2.i586.rpm
 d490df138c62e60deb73ac2333716d7d  2010.1/i586/samba-swat-3.5.3-3.7mdv2010.2.i586.rpm
 6b7edfbbd4dd295d9a59816d99235f49  2010.1/i586/samba-winbind-3.5.3-3.7mdv2010.2.i586.rpm 
 ec8ac62146e687e9a342c602513256fc  2010.1/SRPMS/samba-3.5.3-3.7mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 07e34908a3530dc7e0903b700f227813  2010.1/x86_64/lib64netapi0-3.5.3-3.7mdv2010.2.x86_64.rpm
 61d892dc72900ea40871c2efd18fa7be  2010.1/x86_64/lib64netapi-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
 4cf7dd4f2cf145ea9a53f15f5b4ca2fe  2010.1/x86_64/lib64smbclient0-3.5.3-3.7mdv2010.2.x86_64.rpm
 80fe598f07d6b0c51f968bb53a493673  2010.1/x86_64/lib64smbclient0-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
 75b40bd85d8888af79ee361a781db7eb  2010.1/x86_64/lib64smbclient0-static-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
 52ba787499b18ad01c9934a9e389dac1  2010.1/x86_64/lib64smbsharemodes0-3.5.3-3.7mdv2010.2.x86_64.rpm
 366dad10af9a0ceed23eb1cb234822f6  2010.1/x86_64/lib64smbsharemodes-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
 008fb8eb148ff33c4d2f0a36fa3f3324  2010.1/x86_64/lib64wbclient0-3.5.3-3.7mdv2010.2.x86_64.rpm
 05dfdc9e5388a90f2f14617ccf467381  2010.1/x86_64/lib64wbclient-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
 3944d4668b05654a5ed89285e6f8c251  2010.1/x86_64/mount-cifs-3.5.3-3.7mdv2010.2.x86_64.rpm
 ff15dcc2b2d8327613b02a90bd41ca03  2010.1/x86_64/nss_wins-3.5.3-3.7mdv2010.2.x86_64.rpm
 457e3a8f97623173cdf47851779da069  2010.1/x86_64/samba-client-3.5.3-3.7mdv2010.2.x86_64.rpm
 ba7d42f765f2de80fc9e7fed0e334d5d  2010.1/x86_64/samba-common-3.5.3-3.7mdv2010.2.x86_64.rpm
 0d6a4807149323466dadcdc90be15fa6  2010.1/x86_64/samba-doc-3.5.3-3.7mdv2010.2.x86_64.rpm
 ffbd0b27ee05885492e7362b5d441e23  2010.1/x86_64/samba-domainjoin-gui-3.5.3-3.7mdv2010.2.x86_64.rpm
 4252f909e0e7bfaa45e5937c34064746  2010.1/x86_64/samba-server-3.5.3-3.7mdv2010.2.x86_64.rpm
 5d8902b8ae2b99f3190c7261e8be6699  2010.1/x86_64/samba-swat-3.5.3-3.7mdv2010.2.x86_64.rpm
 2a3b36b89008ba74be1851bb0fe0490a  2010.1/x86_64/samba-winbind-3.5.3-3.7mdv2010.2.x86_64.rpm 
 ec8ac62146e687e9a342c602513256fc  2010.1/SRPMS/samba-3.5.3-3.7mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 b406136551db81ea5c6a6fd52383b1db  mes5/i586/libnetapi0-3.3.12-0.10mdvmes5.2.i586.rpm
 5d0e71b63b6742d854a64760ffef5a1e  mes5/i586/libnetapi-devel-3.3.12-0.10mdvmes5.2.i586.rpm
 a1bce4873fbf03a0b3d9acb68b3b9928  mes5/i586/libsmbclient0-3.3.12-0.10mdvmes5.2.i586.rpm
 3a4e098ba0d9d10aea27f16b0a88c547  mes5/i586/libsmbclient0-devel-3.3.12-0.10mdvmes5.2.i586.rpm
 d82751d5e90726d2ca257ebd0edf37a8  mes5/i586/libsmbclient0-static-devel-3.3.12-0.10mdvmes5.2.i586.rpm
 a736f31edc3007a78d6e1666cf506bcf  mes5/i586/libsmbsharemodes0-3.3.12-0.10mdvmes5.2.i586.rpm
 3c84b6ebb689e7718d769869ba912578  mes5/i586/libsmbsharemodes-devel-3.3.12-0.10mdvmes5.2.i586.rpm
 de165b4236a01ee6b0a35eafd809e7ad  mes5/i586/libtalloc1-3.3.12-0.10mdvmes5.2.i586.rpm
 4f33d360e15006e8aed210e5b6650969  mes5/i586/libtalloc-devel-3.3.12-0.10mdvmes5.2.i586.rpm
 d40ee305b6fc2b5ac78f4874de84f786  mes5/i586/libtdb1-3.3.12-0.10mdvmes5.2.i586.rpm
 8a7ccd1fa68970696a40f5d889d78d02  mes5/i586/libtdb-devel-3.3.12-0.10mdvmes5.2.i586.rpm
 48f738176a741af39161c82bed6050a2  mes5/i586/libwbclient0-3.3.12-0.10mdvmes5.2.i586.rpm
 53490ef3ecd379720f720b823a4a0905  mes5/i586/libwbclient-devel-3.3.12-0.10mdvmes5.2.i586.rpm
 264cd06bab6ad71a4930f42b53d754a9  mes5/i586/mount-cifs-3.3.12-0.10mdvmes5.2.i586.rpm
 b15dd3af33a5a80389614a91ae45ad08  mes5/i586/nss_wins-3.3.12-0.10mdvmes5.2.i586.rpm
 a410864fb10ddb0ea576181809d18df0  mes5/i586/samba-client-3.3.12-0.10mdvmes5.2.i586.rpm
 80fd8d8167741ee7da3e885214c75775  mes5/i586/samba-common-3.3.12-0.10mdvmes5.2.i586.rpm
 3db12da76a3dfc84f0fce71e62bbefcf  mes5/i586/samba-doc-3.3.12-0.10mdvmes5.2.i586.rpm
 6b778b3bc55cca365c6fad57a9f877da  mes5/i586/samba-server-3.3.12-0.10mdvmes5.2.i586.rpm
 3c493a7654d33cb2fab5595d3413f5e3  mes5/i586/samba-swat-3.3.12-0.10mdvmes5.2.i586.rpm
 ecb7876de48598f822edb57f2d01083a  mes5/i586/samba-winbind-3.3.12-0.10mdvmes5.2.i586.rpm 
 3dad784fd91e4d11f827bcf637e38911  mes5/SRPMS/samba-3.3.12-0.10mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 028b8b35fe265857c5660a48d0689f65  mes5/x86_64/lib64netapi0-3.3.12-0.10mdvmes5.2.x86_64.rpm
 4e1e6ca82f91a16daba81ebad63c8ba1  mes5/x86_64/lib64netapi-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
 b1687db7ef71fd55bd5dd8a806741435  mes5/x86_64/lib64smbclient0-3.3.12-0.10mdvmes5.2.x86_64.rpm
 ada87ce49561ee2b1e53669a728ba9ab  mes5/x86_64/lib64smbclient0-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
 805b0dcf72047da6670091ef5190d557  mes5/x86_64/lib64smbclient0-static-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
 e7f423cd6dd382c59d6963fba9d2c3c9  mes5/x86_64/lib64smbsharemodes0-3.3.12-0.10mdvmes5.2.x86_64.rpm
 e44daaa79d193ef689d5894b3bf9f528  mes5/x86_64/lib64smbsharemodes-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
 38d8d2801c3fa0287c7244822073f23d  mes5/x86_64/lib64talloc1-3.3.12-0.10mdvmes5.2.x86_64.rpm
 eae72bec1b9a6ff943c022513aab2fe5  mes5/x86_64/lib64talloc-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
 2edaa04cd18eaae2cf91e94f38d0f6d0  mes5/x86_64/lib64tdb1-3.3.12-0.10mdvmes5.2.x86_64.rpm
 4fab6b6ab1ec0e7fc2712c7af587088f  mes5/x86_64/lib64tdb-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
 cdbbbf0d46c237e518253deecfc06bc0  mes5/x86_64/lib64wbclient0-3.3.12-0.10mdvmes5.2.x86_64.rpm
 908ad56c3b28e6b987da13774b33f379  mes5/x86_64/lib64wbclient-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
 659ebc87967d3726da307b153b266cb0  mes5/x86_64/mount-cifs-3.3.12-0.10mdvmes5.2.x86_64.rpm
 3c7e95924dd842028077ab6b7a610d62  mes5/x86_64/nss_wins-3.3.12-0.10mdvmes5.2.x86_64.rpm
 163c146f282956f761b1a6e5c7070d98  mes5/x86_64/samba-client-3.3.12-0.10mdvmes5.2.x86_64.rpm
 c1245d240a135b2d1c6b97d3009ce01d  mes5/x86_64/samba-common-3.3.12-0.10mdvmes5.2.x86_64.rpm
 e0d54e3ca8d92b1a8d661ac70d152186  mes5/x86_64/samba-doc-3.3.12-0.10mdvmes5.2.x86_64.rpm
 f61cdc68213c9baef4bf6d71a46fe8d0  mes5/x86_64/samba-server-3.3.12-0.10mdvmes5.2.x86_64.rpm
 94d10dfe6ee83aa026c75c87745107bf  mes5/x86_64/samba-swat-3.3.12-0.10mdvmes5.2.x86_64.rpm
 cd984b4be2ecfc30144ff2d0a0d0c6d1  mes5/x86_64/samba-winbind-3.3.12-0.10mdvmes5.2.x86_64.rpm 
 3dad784fd91e4d11f827bcf637e38911  mes5/SRPMS/samba-3.3.12-0.10mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPo9/qmqjQ0CJFipgRAmPKAKDRZK/72FfLzVHDziK1FXk0cwAKgACgtUfK
qiVpzJ/OFQeZTT2t7moMp0Q=
=mhCS
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ