Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201206-22 ] Samba: Multiple vulnerabilities
Date: Sun, 24 Jun 2012 13:24:44
Message-Id: 4FE71058.4030505@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201206-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Samba: Multiple vulnerabilities
     Date: June 24, 2012
     Bugs: #290633, #310105, #323785, #332063, #337295, #356917,
           #382263, #386375, #405551, #411487, #414319
       ID: 201206-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Samba, the worst of which
may allow execution of arbitrary code with root privileges.

Background
==========

Samba is a suite of SMB and CIFS client/server programs.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-fs/samba                 < 3.5.15                  >= 3.5.15

Description
===========

Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with root
privileges, cause a Denial of Service condition, take ownership of
shared files, or bypass file permissions. Furthermore, a local attacker
may be able to cause a Denial of Service condition or obtain sensitive
information in a Samba credentials file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Samba users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-fs/samba-3.5.15"

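To find which hosts still need the upgrade above, the following added example (not part of the advisory and not Gentoo's own tooling) classifies an installed net-fs/samba version against the advisory's `< 3.5.15` range. It assumes a simplified form of Gentoo version syntax (dotted numbers, an optional `_alpha`/`_beta`/`_pre`/`_rc`/`_p` suffix, an optional `-rN` revision); the function names and the host inventory are constructed for illustration.

```shell
# Added example: classify a net-fs/samba version against GLSA 201206-22.
# Simplified Gentoo version rules; anything else is reported as "unknown".
FIXED=3.5.15    # first unaffected version, taken from the advisory

# cmp_dotted A B: print -1, 0 or 1 for A <, =, > B (numeric, per component)
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0} y=${y:-0}          # a missing component counts as 0
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# samba_status VERSION: print "affected", "unaffected" or "unknown"
samba_status() {
    v=${1%-r[0-9]*}             # a -rN revision never crosses the threshold
    num=${v%%_*}                # dotted numeric part
    suffix=${v#"$num"}          # e.g. "_rc1", "_p2" or empty
    case $num in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;;
    esac
    case $(cmp_dotted "$num" "$FIXED") in
        -1) echo affected ;;
        1)  echo unaffected ;;
        0)  # same numbers: pre-release suffixes sort below the release
            case $suffix in
                _alpha*|_beta*|_pre*|_rc*) echo affected ;;
                ''|_p*) echo unaffected ;;
                *) echo unknown ;;
            esac ;;
    esac
}

# Constructed sample inventory (host, installed version), not real data.
report() {
    while read -r host ver; do
        echo "$host net-fs/samba-$ver $(samba_status "$ver")"
    done <<EOF
fs01 3.5.14-r1
fs02 3.5.15
fs03 3.5.15_rc1
EOF
}
report
```

Hosts reported as "unknown" carry a version string outside the simplified syntax and should be checked by hand.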
References
==========

[ 1 ] CVE-2009-2906
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2906
[ 2 ] CVE-2009-2948
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2948
[ 3 ] CVE-2010-0728
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0728
[ 4 ] CVE-2010-1635
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1635
[ 5 ] CVE-2010-1642
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1642
[ 6 ] CVE-2010-2063
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2063
[ 7 ] CVE-2010-3069
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3069
[ 8 ] CVE-2011-0719
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0719
[ 9 ] CVE-2011-1678
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1678
[ 10 ] CVE-2011-2724
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2724
[ 11 ] CVE-2012-0870
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0870
[ 12 ] CVE-2012-1182
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1182
[ 13 ] CVE-2012-2111
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2111

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201206-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
