SCIENTIFIC-LINUX-ERRATA Archives

January 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Fri, 8 Jan 2016 14:31:52 +0000

Synopsis:    Moderate: samba security update
Advisory ID: SLSA-2016:0006-1
Issue Date:  2016-01-07
CVE Numbers: CVE-2015-5299
             CVE-2015-5252
             CVE-2015-5296
             CVE-2015-5330
             CVE-2015-7540
--

A denial of service flaw was found in the LDAP server provided by the AD
DC in the Samba process daemon. A remote attacker could exploit this flaw
by sending a specially crafted packet, which could cause the server to
consume an excessive amount of memory and crash. (CVE-2015-7540)

Multiple buffer over-read flaws were found in the way Samba handled
malformed inputs in certain encodings. An authenticated, remote attacker
could possibly use these flaws to disclose portions of the server memory.
(CVE-2015-5330)

A man-in-the-middle vulnerability was found in the way "connection
signing" was implemented by Samba. A remote attacker could use this flaw
to downgrade an existing Samba client connection and force the use of
plain text. (CVE-2015-5296)

A missing access control flaw was found in Samba. A remote, authenticated
attacker could use this flaw to view the current snapshot on a Samba
share, despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)

An access flaw was found in the way Samba verified symbolic links when
creating new files on a Samba share. A remote attacker could exploit this
flaw to gain access to files outside of Samba's share path.
(CVE-2015-5252)

After installing this update, the smb service will be restarted
automatically.
--

SL7
  x86_64
    libsmbclient-4.2.3-11.el7_2.i686.rpm
    libsmbclient-4.2.3-11.el7_2.x86_64.rpm
    libwbclient-4.2.3-11.el7_2.i686.rpm
    libwbclient-4.2.3-11.el7_2.x86_64.rpm
    samba-client-4.2.3-11.el7_2.x86_64.rpm
    samba-client-libs-4.2.3-11.el7_2.i686.rpm
    samba-client-libs-4.2.3-11.el7_2.x86_64.rpm
    samba-common-libs-4.2.3-11.el7_2.x86_64.rpm
    samba-common-tools-4.2.3-11.el7_2.x86_64.rpm
    samba-debuginfo-4.2.3-11.el7_2.i686.rpm
    samba-debuginfo-4.2.3-11.el7_2.x86_64.rpm
    samba-libs-4.2.3-11.el7_2.i686.rpm
    samba-libs-4.2.3-11.el7_2.x86_64.rpm
    samba-winbind-4.2.3-11.el7_2.x86_64.rpm
    samba-winbind-clients-4.2.3-11.el7_2.x86_64.rpm
    samba-winbind-modules-4.2.3-11.el7_2.i686.rpm
    samba-winbind-modules-4.2.3-11.el7_2.x86_64.rpm
    libsmbclient-devel-4.2.3-11.el7_2.i686.rpm
    libsmbclient-devel-4.2.3-11.el7_2.x86_64.rpm
    libwbclient-devel-4.2.3-11.el7_2.i686.rpm
    libwbclient-devel-4.2.3-11.el7_2.x86_64.rpm
    samba-4.2.3-11.el7_2.x86_64.rpm
    samba-dc-4.2.3-11.el7_2.x86_64.rpm
    samba-dc-libs-4.2.3-11.el7_2.x86_64.rpm
    samba-devel-4.2.3-11.el7_2.i686.rpm
    samba-devel-4.2.3-11.el7_2.x86_64.rpm
    samba-python-4.2.3-11.el7_2.x86_64.rpm
    samba-test-4.2.3-11.el7_2.x86_64.rpm
    samba-test-devel-4.2.3-11.el7_2.x86_64.rpm
    samba-test-libs-4.2.3-11.el7_2.i686.rpm
    samba-test-libs-4.2.3-11.el7_2.x86_64.rpm
    samba-vfs-glusterfs-4.2.3-11.el7_2.x86_64.rpm
    samba-winbind-krb5-locator-4.2.3-11.el7_2.x86_64.rpm
  noarch
    samba-common-4.2.3-11.el7_2.noarch.rpm
    samba-pidl-4.2.3-11.el7_2.noarch.rpm

- Scientific Linux Development Team
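
To confirm a host has picked up this erratum, the following added example (not part of the original advisory or any Scientific Linux tooling) compares installed package versions against the fixed build 4.2.3-11.el7_2 using RPM-style segment ordering rather than string comparison. Assumptions: input is in the default `rpm -qa` name-version-release.arch form with no epoch, the sample lines are constructed, the function names are hypothetical, and `AFFECTED` holds only a subset of the package names listed above.

```python
import re

FIXED = ("4.2.3", "11.el7_2")  # fixed version and release from this advisory
# Subset of the advisory's package list (assumption: extend as needed).
AFFECTED = {"samba", "samba-libs", "samba-client", "samba-common", "samba-dc",
            "samba-winbind", "libsmbclient", "libwbclient"}

def rpmvercmp(a, b):
    """Segment-wise compare in the style of RPM's rpmvercmp (no ~ or ^ handling)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers as numbers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(line):
    """Split 'name-version-release.arch'; the name itself may contain hyphens."""
    nvr, arch = line.strip().rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def needs_update(line):
    name, version, release, _ = parse_nvra(line)
    if name not in AFFECTED:
        return False
    # Version decides first; release only breaks a version tie.
    return (rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])) < 0

def audit(text):
    return [l for l in text.split() if needs_update(l)]

# Constructed sample of `rpm -qa` output, not taken from a real host.
SAMPLE_RPM_QA = """
samba-4.2.3-10.el7.x86_64
samba-libs-4.2.3-11.el7_2.x86_64
libsmbclient-4.1.12-24.el7_1.x86_64
samba-client-4.2.10-6.el7_2.x86_64
openssh-6.6.1p1-22.el7.x86_64
"""

if __name__ == "__main__":
    for pkg in audit(SAMPLE_RPM_QA):
        print("needs update:", pkg)
```

On a real host, feed `audit()` the output of `rpm -qa`; `rpm -q --qf '%{EPOCH}'` shows whether an epoch is set, which this sketch does not handle.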
