Synopsis:          Important: samba4 security update
Advisory ID:       SLSA-2017:3278-1
Issue Date:        2017-11-29
CVE Numbers:       CVE-2017-14746
                   CVE-2017-15275
--

Security Fix(es):

* A use-after-free flaw was found in the way samba servers handled certain
SMB1 requests. An unauthenticated attacker could send specially-crafted
SMB1 requests to cause the server to crash or execute arbitrary code.
(CVE-2017-14746)

* A memory disclosure flaw was found in samba. An attacker could retrieve
parts of server memory, which could contain potentially sensitive data, by
sending specially-crafted requests to the samba server. (CVE-2017-15275)
--

SL6
  x86_64
    samba4-4.2.10-12.el6_9.x86_64.rpm
    samba4-client-4.2.10-12.el6_9.x86_64.rpm
    samba4-common-4.2.10-12.el6_9.x86_64.rpm
    samba4-dc-4.2.10-12.el6_9.x86_64.rpm
    samba4-dc-libs-4.2.10-12.el6_9.x86_64.rpm
    samba4-debuginfo-4.2.10-12.el6_9.x86_64.rpm
    samba4-devel-4.2.10-12.el6_9.x86_64.rpm
    samba4-libs-4.2.10-12.el6_9.x86_64.rpm
    samba4-pidl-4.2.10-12.el6_9.x86_64.rpm
    samba4-python-4.2.10-12.el6_9.x86_64.rpm
    samba4-test-4.2.10-12.el6_9.x86_64.rpm
    samba4-winbind-4.2.10-12.el6_9.x86_64.rpm
    samba4-winbind-clients-4.2.10-12.el6_9.x86_64.rpm
    samba4-winbind-krb5-locator-4.2.10-12.el6_9.x86_64.rpm
  i386
    samba4-4.2.10-12.el6_9.i686.rpm
    samba4-client-4.2.10-12.el6_9.i686.rpm
    samba4-common-4.2.10-12.el6_9.i686.rpm
    samba4-dc-4.2.10-12.el6_9.i686.rpm
    samba4-dc-libs-4.2.10-12.el6_9.i686.rpm
    samba4-debuginfo-4.2.10-12.el6_9.i686.rpm
    samba4-devel-4.2.10-12.el6_9.i686.rpm
    samba4-libs-4.2.10-12.el6_9.i686.rpm
    samba4-pidl-4.2.10-12.el6_9.i686.rpm
    samba4-python-4.2.10-12.el6_9.i686.rpm
    samba4-test-4.2.10-12.el6_9.i686.rpm
    samba4-winbind-4.2.10-12.el6_9.i686.rpm
    samba4-winbind-clients-4.2.10-12.el6_9.i686.rpm
    samba4-winbind-krb5-locator-4.2.10-12.el6_9.i686.rpm

- Scientific Linux Development Team