Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in Samba
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Samba
ID: MDVSA-2015:081
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Sa, 28. März 2015, 11:00
Referenzen: http://advisories.mageia.org/MGASA-2015-0084.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
Applikationen: Samba

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1427530171-3111-3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:081
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : samba
 Date    : March 28, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated samba packages fix security vulnerabilities:
 
 An uninitialized pointer use flaw was found in the Samba daemon
 (smbd). A malicious Samba client could send specially crafted netlogon
 packets that, when processed by smbd, could potentially lead to
 arbitrary code execution with the privileges of the user running smbd
 (by default, the root user) (CVE-2015-0240).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
 http://advisories.mageia.org/MGASA-2015-0084.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 4ac8f8f9652ad4ca155e19153c6899c8 
 mbs1/x86_64/lib64netapi0-3.6.25-1.mbs1.x86_64.rpm
 70811f103aaf352706212264cd1bdd07 
 mbs1/x86_64/lib64netapi-devel-3.6.25-1.mbs1.x86_64.rpm
 124038bf590e4b24d44032ff319877cb 
 mbs1/x86_64/lib64smbclient0-3.6.25-1.mbs1.x86_64.rpm
 8654538cb5fe0ec9f4e1f843b48bfe3e 
 mbs1/x86_64/lib64smbclient0-devel-3.6.25-1.mbs1.x86_64.rpm
 0a0b66090334e58925651eaf5a93db4b 
 mbs1/x86_64/lib64smbclient0-static-devel-3.6.25-1.mbs1.x86_64.rpm
 af20d1ba0b94c53e49dcd62e9dc2862b 
 mbs1/x86_64/lib64smbsharemodes0-3.6.25-1.mbs1.x86_64.rpm
 5e52b9faf84405b9082073077e573b2c 
 mbs1/x86_64/lib64smbsharemodes-devel-3.6.25-1.mbs1.x86_64.rpm
 46a0608a84712e469dd32918391e8c3d 
 mbs1/x86_64/lib64wbclient0-3.6.25-1.mbs1.x86_64.rpm
 b9244f130c1bdfc160d3d720088e38ba 
 mbs1/x86_64/lib64wbclient-devel-3.6.25-1.mbs1.x86_64.rpm
 c715497f62eeeafa889ff7471c79bdfc 
 mbs1/x86_64/nss_wins-3.6.25-1.mbs1.x86_64.rpm
 d22d02173ec97c95eb7328024b9e82ee 
 mbs1/x86_64/samba-client-3.6.25-1.mbs1.x86_64.rpm
 00bd57d9b85d09366628b1f46505bd85 
 mbs1/x86_64/samba-common-3.6.25-1.mbs1.x86_64.rpm
 9d4637b0de9d912bcd5506fed360d0a2 
 mbs1/x86_64/samba-doc-3.6.25-1.mbs1.noarch.rpm
 7d7f6be0de70100422674ae8cf5172a5 
 mbs1/x86_64/samba-domainjoin-gui-3.6.25-1.mbs1.x86_64.rpm
 55ea454169eb18e357a656872b9b6254 
 mbs1/x86_64/samba-server-3.6.25-1.mbs1.x86_64.rpm
 8ee941751deb9362569b7d6396747408 
 mbs1/x86_64/samba-swat-3.6.25-1.mbs1.x86_64.rpm
 05f58113d2b78614278ee9698d297e49 
 mbs1/x86_64/samba-virusfilter-clamav-3.6.25-1.mbs1.x86_64.rpm
 c8ed9bb7d1636d82ca1aad0100d058a4 
 mbs1/x86_64/samba-virusfilter-fsecure-3.6.25-1.mbs1.x86_64.rpm
 658617b2a62a7aba97bba8a0b81e2962 
 mbs1/x86_64/samba-virusfilter-sophos-3.6.25-1.mbs1.x86_64.rpm
 c8071cdc97727ad4749c522f8eb7e1ba 
 mbs1/x86_64/samba-winbind-3.6.25-1.mbs1.x86_64.rpm 
 ee22c6311d482ec4a8358d2d4a2a48e0  mbs1/SRPMS/samba-3.6.25-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFlNBmqjQ0CJFipgRAne5AJ4l/PaNKpbcDYC6cDmOgUTaiaedoACgm+Bk
2v2AIePJXBUsvmVJ9qs7z0M=
=ZeNI
-----END PGP SIGNATURE-----


------------=_1427530171-3111-3
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1427530171-3111-3--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung