Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201502-15 ] Samba: Multiple vulnerabilities
Date: Thu, 26 Feb 2015 07:52:33
Message-Id: 54EE4798.5020307@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201502-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Samba: Multiple vulnerabilities
     Date: February 25, 2015
     Bugs: #479868, #491070, #493664, #504494, #511764, #514676, #541182
       ID: 201502-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Samba, the worst of which
allows a context-dependent attacker to bypass intended file
restrictions, cause a Denial of Service or execute arbitrary code.

Background
==========

Samba is a suite of SMB and CIFS client/server programs.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-fs/samba                 < 3.6.25                   >= 3.6.25

Description
===========

Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker may be able to execute arbitrary code,
cause a Denial of Service condition, bypass intended file restrictions,
or obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Samba users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-fs/samba-3.6.25"

References
==========

[  1 ] CVE-2012-6150
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6150
[  2 ] CVE-2013-4124
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4124
[  3 ] CVE-2013-4408
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4408
[  4 ] CVE-2013-4475
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4475
[  5 ] CVE-2013-4476
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4476
[  6 ] CVE-2013-4496
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4496
[  7 ] CVE-2014-0178
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0178
[  8 ] CVE-2014-0239
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0239
[  9 ] CVE-2014-0244
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0244
[ 10 ] CVE-2014-3493
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3493
[ 11 ] CVE-2015-0240
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0240

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201502-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5