Ian Mcwilliam <[email protected]> writes:
> Update for Samba4 to address CVE-2014-3560
>
> http://www.samba.org/samba/security/CVE-2014-3560
>
> All current versions of Samba 4.x.x are vulnerable to a remote code
> execution vulnerability in the nmbd NetBIOS name services daemon.
>
> A malicious browser can send packets that may overwrite the heap of
> the target nmbd NetBIOS name services daemon. It may be possible to
> use this to generate a remote code execution vulnerability as the
> superuser (root).

I can't test it at work on OpenBSD, but we already use 4.0.20 and this
update looks fine; so does a build on amd64. I think this should go in.

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
