Updated samba packages fix security vulnerability
Publication date: 02 Jan 2018
Modification date: 02 Jan 2018
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-12150, CVE-2017-12163, CVE-2017-15275
Description
Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man-in-the-middle attack. (CVE-2017-12150)

Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote attacker could possibly use this issue to obtain server memory contents. (CVE-2017-12163)

Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15275)
References
- https://bugs.mageia.org/show_bug.cgi?id=21743
- https://www.samba.org/samba/security/CVE-2017-12150.html
- https://www.samba.org/samba/security/CVE-2017-12163.html
- https://www.samba.org/samba/security/CVE-2017-15275.html
- https://usn.ubuntu.com/usn/usn-3426-2/
- https://usn.ubuntu.com/usn/usn-3486-2/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
SRPMS
5/core
- samba-3.6.25-2.8.mga5