lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1V6ffI-0007WG-VR@titan.mandriva.com>
Date: Tue, 06 Aug 2013 13:43:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:207 ] samba

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:207
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : samba
 Date    : August 6, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in samba:
 
 Integer overflow in the read_nttrans_ea_list function in nttrans.c
 in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x
 before 4.0.8 allows remote attackers to cause a denial of service
 (memory consumption) via a malformed packet (CVE-2013-4124).
 
 The updated packages for Enterprise Server 5.2 has been patched to
 correct this issue.
 
 The updated packages for Business Server 1 has been upgraded to the
 3.6.17 version which resolves many upstream bugs and is not vulnerable
 to this issue. Additionally the libtevent packages are being provided
 which is a requirement since samba 3.6.16.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
 http://www.samba.org/samba/history/samba-3.6.13.html
 http://www.samba.org/samba/history/samba-3.6.14.html
 http://www.samba.org/samba/history/samba-3.6.15.html
 http://www.samba.org/samba/history/samba-3.6.16.html
 http://www.samba.org/samba/history/samba-3.6.17.html
 http://www.samba.org/samba/security/CVE-2013-4124
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 a4338d4ffff112db5e1a9d4ce3ca88d0  mes5/i586/libnetapi0-3.3.12-0.12mdvmes5.2.i586.rpm
 98f81ef3de8b5771db939413a7df33b5  mes5/i586/libnetapi-devel-3.3.12-0.12mdvmes5.2.i586.rpm
 687a36f13e217a2da051690fd0a73723  mes5/i586/libsmbclient0-3.3.12-0.12mdvmes5.2.i586.rpm
 a1fad872ac2fb33e3d1d4ea873859784  mes5/i586/libsmbclient0-devel-3.3.12-0.12mdvmes5.2.i586.rpm
 8e8d9bff087017f7e07346affcdd8fe0  mes5/i586/libsmbclient0-static-devel-3.3.12-0.12mdvmes5.2.i586.rpm
 9b814951f2f9841c78fa79d436611a76  mes5/i586/libsmbsharemodes0-3.3.12-0.12mdvmes5.2.i586.rpm
 3836708d4fa033ce7e92d6cba3bd57a9  mes5/i586/libsmbsharemodes-devel-3.3.12-0.12mdvmes5.2.i586.rpm
 89b7a35f7dcd28df98218819a31f74f0  mes5/i586/libtalloc1-3.3.12-0.12mdvmes5.2.i586.rpm
 593e5fd0f3a1f0b2d7066cd48c59638e  mes5/i586/libtalloc-devel-3.3.12-0.12mdvmes5.2.i586.rpm
 67bb36c6c164f2607f1c18e7e8be1bb7  mes5/i586/libtdb1-3.3.12-0.12mdvmes5.2.i586.rpm
 36c82ea156b3b03110413d9313029f5a  mes5/i586/libtdb-devel-3.3.12-0.12mdvmes5.2.i586.rpm
 3bdb87f25c87adcad2dc63d729de6629  mes5/i586/libwbclient0-3.3.12-0.12mdvmes5.2.i586.rpm
 c951e4e5b6415d8b811d3a09056dc65e  mes5/i586/libwbclient-devel-3.3.12-0.12mdvmes5.2.i586.rpm
 f4ecfcfd2edcff488e8e01e92dde048a  mes5/i586/mount-cifs-3.3.12-0.12mdvmes5.2.i586.rpm
 31d83df6e8e79ea1911986caa54c6700  mes5/i586/nss_wins-3.3.12-0.12mdvmes5.2.i586.rpm
 12939f0ce1aaa60ef29a1376abafdbc6  mes5/i586/samba-client-3.3.12-0.12mdvmes5.2.i586.rpm
 54f249d033e9161f6953583ceb7a8968  mes5/i586/samba-common-3.3.12-0.12mdvmes5.2.i586.rpm
 f1514d952b9f04927c7f6710bd9d4783  mes5/i586/samba-doc-3.3.12-0.12mdvmes5.2.i586.rpm
 cc23d499471cf3e4a1a9dd2676100039  mes5/i586/samba-server-3.3.12-0.12mdvmes5.2.i586.rpm
 fa4dca70f0ce76cd3aeb0151d642034c  mes5/i586/samba-swat-3.3.12-0.12mdvmes5.2.i586.rpm
 45dc4c5c108e8aae19f1331cf696ba21  mes5/i586/samba-winbind-3.3.12-0.12mdvmes5.2.i586.rpm 
 447c206c4202adf72578febd6ce4994f  mes5/SRPMS/samba-3.3.12-0.12mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 27ca2e1359dadd72cdbb6cba9efc42ba  mes5/x86_64/lib64netapi0-3.3.12-0.12mdvmes5.2.x86_64.rpm
 cce6ab20d60159b8a449b98e6f553f7f  mes5/x86_64/lib64netapi-devel-3.3.12-0.12mdvmes5.2.x86_64.rpm
 010346f8644ababc4c843c90554ca3e1  mes5/x86_64/lib64smbclient0-3.3.12-0.12mdvmes5.2.x86_64.rpm
 5cb5954ce9178659a996fec992a73a22  mes5/x86_64/lib64smbclient0-devel-3.3.12-0.12mdvmes5.2.x86_64.rpm
 b84b675c138eb9258cf2ca276c906c2c  mes5/x86_64/lib64smbclient0-static-devel-3.3.12-0.12mdvmes5.2.x86_64.rpm
 ae1d81f3f0c7d248b14366c29b6c2695  mes5/x86_64/lib64smbsharemodes0-3.3.12-0.12mdvmes5.2.x86_64.rpm
 a36aac31f0d7797878b0162c31707112  mes5/x86_64/lib64smbsharemodes-devel-3.3.12-0.12mdvmes5.2.x86_64.rpm
 e7c60db83295d3466f715a41b2aa1514  mes5/x86_64/lib64talloc1-3.3.12-0.12mdvmes5.2.x86_64.rpm
 d9dfe0e46de1cb438b154fa154e68278  mes5/x86_64/lib64talloc-devel-3.3.12-0.12mdvmes5.2.x86_64.rpm
 1c255221c0a05fb382060cb973b89455  mes5/x86_64/lib64tdb1-3.3.12-0.12mdvmes5.2.x86_64.rpm
 e4e507399982dc2c319b03def067de19  mes5/x86_64/lib64tdb-devel-3.3.12-0.12mdvmes5.2.x86_64.rpm
 209aae3686319e58721b31d56b6cdeef  mes5/x86_64/lib64wbclient0-3.3.12-0.12mdvmes5.2.x86_64.rpm
 5a52c2f6c4a4ac54bcdb373bba83ff65  mes5/x86_64/lib64wbclient-devel-3.3.12-0.12mdvmes5.2.x86_64.rpm
 3e7f0fbb9c18df92068244c24b1bbdf1  mes5/x86_64/mount-cifs-3.3.12-0.12mdvmes5.2.x86_64.rpm
 7e31e8f9b03903de07f312684d121309  mes5/x86_64/nss_wins-3.3.12-0.12mdvmes5.2.x86_64.rpm
 a10840ca38583ebf1f3a0323f4ade328  mes5/x86_64/samba-client-3.3.12-0.12mdvmes5.2.x86_64.rpm
 18a674c1ba05d8123eac2eb504c4dee9  mes5/x86_64/samba-common-3.3.12-0.12mdvmes5.2.x86_64.rpm
 e2d0b4fb9d3dd1d9d07a75efeea1cceb  mes5/x86_64/samba-doc-3.3.12-0.12mdvmes5.2.x86_64.rpm
 c80c6f561ad6aa790c66bfe28145a3ee  mes5/x86_64/samba-server-3.3.12-0.12mdvmes5.2.x86_64.rpm
 613f7e1bfe07c53970516ab2f124df9b  mes5/x86_64/samba-swat-3.3.12-0.12mdvmes5.2.x86_64.rpm
 070b1682e13533cec08b96857f8b9015  mes5/x86_64/samba-winbind-3.3.12-0.12mdvmes5.2.x86_64.rpm 
 447c206c4202adf72578febd6ce4994f  mes5/SRPMS/samba-3.3.12-0.12mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 915037284efd27685e278e9ace8081df  mbs1/x86_64/lib64netapi0-3.6.17-1.mbs1.x86_64.rpm
 afc142187d3218020b18b94bf762c39a  mbs1/x86_64/lib64netapi-devel-3.6.17-1.mbs1.x86_64.rpm
 80179bf48ccc600f14c285405b7682a2  mbs1/x86_64/lib64smbclient0-3.6.17-1.mbs1.x86_64.rpm
 3893c3cbbe0dc50d7316fc22e55d2deb  mbs1/x86_64/lib64smbclient0-devel-3.6.17-1.mbs1.x86_64.rpm
 4fe9d8c749ecd91d262c83c978ec6ca7  mbs1/x86_64/lib64smbclient0-static-devel-3.6.17-1.mbs1.x86_64.rpm
 50afc2217bbdccb075762405620be73b  mbs1/x86_64/lib64smbsharemodes0-3.6.17-1.mbs1.x86_64.rpm
 91563639a180b53050912d6ef0828e7b  mbs1/x86_64/lib64smbsharemodes-devel-3.6.17-1.mbs1.x86_64.rpm
 c09a10899d72f392de16f49574a78702  mbs1/x86_64/lib64tevent0-0.9.17-1.mbs1.x86_64.rpm
 5e5bf0c2c48ec03de9ad820f3411a458  mbs1/x86_64/lib64tevent-devel-0.9.17-1.mbs1.x86_64.rpm
 0be02fe6acc793457333d026b34cf159  mbs1/x86_64/lib64wbclient0-3.6.17-1.mbs1.x86_64.rpm
 fc5038eb86215685afef7aa29e721d54  mbs1/x86_64/lib64wbclient-devel-3.6.17-1.mbs1.x86_64.rpm
 06b9d6d55441db1e5fe1b5a43a2be6c4  mbs1/x86_64/nss_wins-3.6.17-1.mbs1.x86_64.rpm
 54f4bf43827db43f814ab8485a323095  mbs1/x86_64/python-tevent-0.9.17-1.mbs1.x86_64.rpm
 aa27c4e17fef5e61326ad4183a52797c  mbs1/x86_64/samba-client-3.6.17-1.mbs1.x86_64.rpm
 12bcaa2da1dd8355b0b8cced8a799bf3  mbs1/x86_64/samba-common-3.6.17-1.mbs1.x86_64.rpm
 4e06c7af112367a5c61b0b73d875cce7  mbs1/x86_64/samba-doc-3.6.17-1.mbs1.noarch.rpm
 e5d8d7147dfaab75bdf55dce403739b6  mbs1/x86_64/samba-domainjoin-gui-3.6.17-1.mbs1.x86_64.rpm
 c6477e547ec012dc4dc29cff7534191c  mbs1/x86_64/samba-server-3.6.17-1.mbs1.x86_64.rpm
 7978fc64e044df06a98128060159fdae  mbs1/x86_64/samba-swat-3.6.17-1.mbs1.x86_64.rpm
 d072d9878a23aeaac142eb6aef02f473  mbs1/x86_64/samba-virusfilter-clamav-3.6.17-1.mbs1.x86_64.rpm
 bf392636bb98fb3f7fb32c7de5be01bf  mbs1/x86_64/samba-virusfilter-fsecure-3.6.17-1.mbs1.x86_64.rpm
 73f36e4384ea427f282718aa02368800  mbs1/x86_64/samba-virusfilter-sophos-3.6.17-1.mbs1.x86_64.rpm
 788d711e140dde720541d968092f0d71  mbs1/x86_64/samba-winbind-3.6.17-1.mbs1.x86_64.rpm 
 d3c3ccbff0c59c9a87b4c7e65d02e127  mbs1/SRPMS/samba-3.6.17-1.mbs1.src.rpm
 a04162122c764dee8609a9caf2b089a4  mbs1/SRPMS/tevent-0.9.17-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSALVVmqjQ0CJFipgRAphEAKCINy1hi3rEPtPlTpnhBvztdxkn3wCgzUQz
Pz8K3dJcD1Q26YagVdAMBPo=
=KJFD
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ