1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3514-1] samba security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Mar 12 08:30:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3514-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    March 12, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : samba
    CVE ID : CVE-2015-7560 CVE-2016-0771
    Debian Bug : 812429

    Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
    print, and login server for Unix. The Common Vulnerabilities and
    Exposures project identifies the following issues:

    CVE-2015-7560

    Jeremy Allison of Google, Inc. and the Samba Team discovered that
    Samba incorrectly handles getting and setting ACLs on a symlink
    path. An authenticated malicious client can use SMB1 UNIX extensions
    to create a symlink to a file or directory, and then use non-UNIX
    SMB1 calls to overwrite the contents of the ACL on the file or
    directory linked to.

    CVE-2016-0771

    Garming Sam and Douglas Bagnall of Catalyst IT discovered that Samba
    is vulnerable to an out-of-bounds read issue during DNS TXT record
    handling, if Samba is deployed as an AD DC and chosen to run the
    internal DNS server. A remote attacker can exploit this flaw to
    cause a denial of service (Samba crash), or potentially, to allow
    leakage of memory from the server in the form of a DNS TXT reply.

    Additionally this update includes a fix for a regression introduced due
    to the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups where the
    share path is '/'.

    For the oldstable distribution (wheezy), these problems have been fixed
    in version 2:3.6.6-6+deb7u7. The oldstable distribution (wheezy) is not affected by CVE-2016-0771.

    For the stable distribution (jessie), these problems have been fixed in
    version 2:4.1.17+dfsg-2+deb8u2.

    For the unstable distribution (sid), these problems have been fixed in
    version 2:4.3.6+dfsg-1.

    We recommend that you upgrade your samba packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJW48PXAAoJEAVMuPMTQ89EvU8P/37E3b5xZG1Gz02LYgppRPHA ZDxFMnVN/jyEqMXBxfY625C3enoz9w3LXa7lsIhgFxbbP76iGRbWKOS8z9hFd60A xDp0v8ysEaBlgjEyvviwrP/IoCNFp7yAVChk5GCR+F27Uf/h5MZv4tAIkeIyGmgc 34XNs0p9WqS4KK0qVYSM8uTXk3nMv0IVWqZGUYMFjr3/yaY3BJ8kld2p1jugOXBI 7avURCGBSzg53LtVGfDgtHIsHbACrmFgKBeuke6iSRCVzk9mpDDjrmkPGNpo8Czs 0i0IhLMR8QCgpRMeo6oPg430uGUcFQD70GVWa1FeodYoo+4g7zS3YfrT7JV47vGh WQKMtdib6/MfzcnZDXeCvaSGPUxjpR15oYbkHcHHh+/urlmA14RbeDUPSiUf24KD bWRUgs4dsoiQtmBao/P1iE461ZMK2jikI0IaLP6yBKSy8Xqahk5BeyVpRnAVcD/t F3rSjEWgukygmgZ5O0zUwLW7StkGCJIZkbfqAni2r1Zd0eZcwD9cnBiE1FP3Jniz 5z+FDNBBpcErKWjVEAHt7rKK+1s+I+RvxDPbzeQHRfZQ4SLKyEegj+w317L8OvRq 7/kJpDBwg45Pk6yaRpVIkieCeqH+IgzT4QuxJhCS9S6xVNHTBZd3iwOnJjBSN8kJ co5XGqr61KEP8R7ECNh5
    =BTxT
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)