* It was found that samba did not enforce "SMB signing" when certain
configuration options were enabled. A remote attacker could launch a man-
in-the-middle attack and retrieve information in plain-text.
(CVE-2017-12150)
* An information leak flaw was found in the way SMB1 protocol was
implemented by Samba. A malicious client could use this flaw to dump
server memory contents to a file on the samba share or to a shared
printer, though the exact area of server memory cannot be controlled by
the attacker. (CVE-2017-12163)
--