1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2966-1] samba security update

    From Yves-Alexis Perez@1:229/2 to All on Mon Jun 23 11:50:01 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2966-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez
    June 23, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : samba
    CVE ID : CVE-2014-0178 CVE-2014-0244 CVE-2014-3493
    Debian Bug :

    Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS
    file, print, and login server:

    CVE-2014-0178

    Information leak vulnerability in the VFS code, allowing an
    authenticated user to retrieve eight bytes of uninitialized memory
    when shadow copy is enabled.

    CVE-2014-0244

    Denial of service (infinite CPU loop) in the nmbd Netbios name
    service daemon. A malformed packet can cause the nmbd server to
    enter an infinite loop, preventing it to process later requests to
    the Netbios name service.

    CVE-2014-3493

    Denial of service (daemon crash) in the smbd file server daemon. An
    authenticated user attempting to read a Unicode path using a
    non-Unicode request can force the daemon to overwrite memory at an
    invalid address.

    For the stable distribution (wheezy), these problems have been fixed in
    version 2:3.6.6-6+deb7u4.

    For the testing distribution (jessie), these problems have been fixed in version 2:4.1.9+dfsg-1.

    For the unstable distribution (sid), these problems have been fixed in
    version 2:4.1.9+dfsg-1.

    We recommend that you upgrade your samba packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    iQEcBAEBCgAGBQJTp/WMAAoJEG3bU/KmdcCl10cIAIb5QEA7bqS2gkilXlSfk2J+ WEZB8DKVWfHWGz/krUcSxn8FSF9ItwT0QCcrrZHJHofDx7BIyk+QaHNquDA6a2X8 xm6HHCjhwSUz5qbrnFeZULUQGhekhqTbucr9dEOrbjM+KUWKebX+jrJkEcCVkDVi uqcAi7p1ESJJ88ebWV6VvlGJO9qOcNAaYAJCGzGapISeaQ/NevKjfWyM0FhdxF4/ nK8ol4C4hJXb02VrXZ7QEvGU0DJryBoA38euAt54NmBqfWBZg/Wi6osmluErbSbA 5xcBpctxXW5sVTf+2k608NdSnS9JilanNtWkaYiQkwD6CDkYfHtq14GMeAzk8ng=
    =K2AH
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)