Advisories » MGASA-2015-0084

Updated samba packages fix CVE-2015-0240

Publication date: 24 Feb 2015
Modification date: 24 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0240

Description

Updated samba packages fix security vulnerabilities:

An uninitialized pointer use flaw was found in the Samba daemon (smbd). A
malicious Samba client could send specially crafted netlogon packets that,
when processed by smbd, could potentially lead to arbitrary code execution
with the privileges of the user running smbd (by default, the root user)
(CVE-2015-0240).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15347
• https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
• https://rhn.redhat.com/errata/RHSA-2015-0251.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240

SRPMS

4/core

• samba-3.6.25-1.mga4