Re: [SECURITY] [DSA 3171-1] samba security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3171-1] samba security update
From: Jernej Korinšek <jernej.korinsek@gmail.com>
Date: Mon, 23 Feb 2015 13:16:05 +0100
Message-id: <[🔎] 54EB1A05.8080604@gmail.com>
In-reply-to: <E1YPrVF-0006Hf-Gd@master.debian.org>
References: <E1YPrVF-0006Hf-Gd@master.debian.org>

Za Debian ne vem, za RH:

Lastly the version of Samba 4.0 shipped with Red Hat Enterprise Linux6.2 EUS is based on an alpha release of Samba 4, which lacked thepassword change functionality and thus the vulnerability. The same istrue for the version of Samba 3.0 shipped with Red Hat Enterprise Linux4 and 5.


https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
LP
On 23.2.2015 12:48, Salvatore Bonaccorso wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3171-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 23, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2015-0240

Richard van Eeden of Microsoft Vulnerability Research discovered that
Samba, a SMB/CIFS file, print, and login server for Unix, contains a
flaw in the netlogon server code which allows remote code execution with
root privileges from an unauthenticated connection.

For the stable distribution (wheezy), this problem has been fixed in
version 2:3.6.6-6+deb7u5.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJU6xF7AAoJEAVMuPMTQ89ETk0P/jk/zgr+x+seIsQF0mbfgNha
2xvbRLzCXyK5rIf0PxOuaqTHRMlgPPRQ9we66dxZ5dBDuFWbcwFXc2TP3ghgjDA/
pROSdVNEPV6I1+NAGel4ySUtTHqsSvtvfxYCV2tGNNyy1IHgkqlFz5Wh+zVay6HZ
c2eWqIjNWplV6stjHfERkCRSedD5GAk4o3AVXbcbpHMO+MafzJ8W5qY2T4CHiTeo
jwwwJkLo84cOT9K3moAXrJW4ueiUsFP/VnjMj30mlHtj8qNp3KX4QlG42s44PYVO
a0t2D1nQkp+/QovgPW/ewDmMCpV1iSbFOYxj+sz8e6BzUWDx/L/RP1JK1oktAdsB
RTpEZvPFmKjZqpddbckXdIVh3vxnHA81NpYoE1udGXBsAq+YXINnlLXHXvVr9KS1
ddYmxWbHYpMLnkWWo3Ktb4aYtMcCt5j5uL1owTGs9SggZTZkPw9/B2WZux8Rz6Fz
m0FvtMuzgDUzLQNqgXHrT+NQw21gYoVBHFRSZ6L0E5Ok+MMjGMy5kC9iQXeSfp98
bVTpiqR0n5551mQWxOysrPYj05uUZ7PmagpMFofklZ/I1dGg6TwNI0ylpJlJoruG
IjFHIalwHlzhsRAzUbO+FYvjZ5mDTHk5rzafom0tBlaYUn0FdQEGgWFdGjcxCpRF
qN8/Ju7AlzAGYJxup6LW
=gHCx
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 3171-1] samba security update
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: [SECURITY] [DSA 3164-1] typo3-src security update
Next by Date: Re: [SECURITY] [DSA 3171-1] samba security update
Previous by thread: Re: [SECURITY] [DSA 3164-1] typo3-src security update
Next by thread: Re: [SECURITY] [DSA 3171-1] samba security update
Index(es):
- Date
- Thread