drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Samba
Name: |
Zwei Probleme in Samba |
|
ID: |
DSA-3514-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy, Debian jessie |
|
Datum: |
Sa, 12. März 2016, 10:04 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560 |
|
Applikationen: |
Samba |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3514-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 12, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : samba CVE ID : CVE-2015-7560 CVE-2016-0771 Debian Bug : 812429
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2015-7560
Jeremy Allison of Google, Inc. and the Samba Team discovered that Samba incorrectly handles getting and setting ACLs on a symlink path. An authenticated malicious client can use SMB1 UNIX extensions to create a symlink to a file or directory, and then use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory linked to.
CVE-2016-0771
Garming Sam and Douglas Bagnall of Catalyst IT discovered that Samba is vulnerable to an out-of-bounds read issue during DNS TXT record handling, if Samba is deployed as an AD DC and chosen to run the internal DNS server. A remote attacker can exploit this flaw to cause a denial of service (Samba crash), or potentially, to allow leakage of memory from the server in the form of a DNS TXT reply.
Additionally this update includes a fix for a regression introduced due to the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups where the share path is '/'.
For the oldstable distribution (wheezy), these problems have been fixed in version 2:3.6.6-6+deb7u7. The oldstable distribution (wheezy) is not affected by CVE-2016-0771.
For the stable distribution (jessie), these problems have been fixed in version 2:4.1.17+dfsg-2+deb8u2.
For the unstable distribution (sid), these problems have been fixed in version 2:4.3.6+dfsg-1.
We recommend that you upgrade your samba packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJW48PXAAoJEAVMuPMTQ89EvU8P/37E3b5xZG1Gz02LYgppRPHA ZDxFMnVN/jyEqMXBxfY625C3enoz9w3LXa7lsIhgFxbbP76iGRbWKOS8z9hFd60A xDp0v8ysEaBlgjEyvviwrP/IoCNFp7yAVChk5GCR+F27Uf/h5MZv4tAIkeIyGmgc 34XNs0p9WqS4KK0qVYSM8uTXk3nMv0IVWqZGUYMFjr3/yaY3BJ8kld2p1jugOXBI 7avURCGBSzg53LtVGfDgtHIsHbACrmFgKBeuke6iSRCVzk9mpDDjrmkPGNpo8Czs 0i0IhLMR8QCgpRMeo6oPg430uGUcFQD70GVWa1FeodYoo+4g7zS3YfrT7JV47vGh WQKMtdib6/MfzcnZDXeCvaSGPUxjpR15oYbkHcHHh+/urlmA14RbeDUPSiUf24KD bWRUgs4dsoiQtmBao/P1iE461ZMK2jikI0IaLP6yBKSy8Xqahk5BeyVpRnAVcD/t F3rSjEWgukygmgZ5O0zUwLW7StkGCJIZkbfqAni2r1Zd0eZcwD9cnBiE1FP3Jniz 5z+FDNBBpcErKWjVEAHt7rKK+1s+I+RvxDPbzeQHRfZQ4SLKyEegj+w317L8OvRq 7/kJpDBwg45Pk6yaRpVIkieCeqH+IgzT4QuxJhCS9S6xVNHTBZd3iwOnJjBSN8kJ co5XGqr61KEP8R7ECNh5 =BTxT -----END PGP SIGNATURE-----
|
|
|
|