#6168: samba-4.1.17
--------------------+-------------------------
Reporter: ken@… | Owner: blfs-book@…
Type: defect | Status: new
Priority: normal | Milestone: 7.7
Component: BOOK | Version: SVN
Severity: normal | Keywords:
--------------------+-------------------------
https://download.samba.org/pub/samba/stable/samba-4.1.17.tar.gz
From the release announcement:
Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order
to address CVE-2015-0240 (Unexpected code execution in smbd.). For the sake of
completeness, Samba 4.2.0rc5 including a fix for this defect will follow soon,
but it won't be a dedicated security release and will therefore address other
bug fixes also.

o CVE-2015-0240:
  All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
  unexpected code execution vulnerability in the smbd file server
  daemon.
  A malicious client could send packets that may set up the stack in
  such a way that the freeing of memory in a subsequent anonymous
  netlogon packet could allow execution of arbitrary code. This code
  would execute with root privileges.

I guess that this should be in 7.7, if anybody uses it.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/6168>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
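
Added example (not part of the ticket or of the Samba announcement): a shell function that classifies a Samba version string against the affected range and the fixed releases quoted above. The function name is hypothetical, and a distribution package that backports the fix under an older version number will still be reported as vulnerable.

```shell
#!/bin/sh
# Classify a Samba version against the CVE-2015-0240 announcement:
#   affected: 3.5.0 .. 4.2.0rc4
#   fixed:    3.6.25, 4.0.25, 4.1.17, and 4.2.0rc5 onwards
# Prints: vulnerable | fixed | not-affected | unknown
# Typical use on a host:  samba_cve_2015_0240_status "$(smbd -V)"
samba_cve_2015_0240_status() {
    ver=${1#Version }                # smbd -V prints "Version X.Y.Z"
    case $ver in
        *.*.*) ;;
        *) echo unknown; return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    tail=${rest#*.}                  # e.g. "17", "0rc4", "25-Debian"
    patch=${tail%%[!0-9]*}           # leading digits of the third field
    suffix=${tail#"$patch"}          # "", "rc4", "-Debian", ...
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo unknown; return 2 ;;
        esac
    done
    case $major.$minor in
        3.5)     fixed_patch='' ;;   # no fixed 3.5.x release is named
        3.6|4.0) fixed_patch=25 ;;
        4.1)     fixed_patch=17 ;;
        4.2)     # only the release candidates up to rc4 are affected
                 case $patch$suffix in
                     0rc[1-4]|0rc[1-4][!0-9]*) echo vulnerable ;;
                     *) echo fixed ;;
                 esac
                 return 0 ;;
        [0-2].*|3.[0-4]) echo not-affected; return 0 ;;
        *)       echo fixed; return 0 ;;   # newer than the affected range
    esac
    if [ -z "$fixed_patch" ] || [ "$patch" -lt "$fixed_patch" ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Constructed sample versions, for illustration only.
for v in 3.4.17 3.5.22 3.6.24 4.0.25 4.1.16 "Version 4.1.17" 4.2.0rc4; do
    printf '%-16s %s\n' "$v" "$(samba_cve_2015_0240_status "$v")"
done
```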