Mandriva Linux Security Advisory 2014-136 - An information leak vulnerability in the VFS code allows an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:136
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : samba
Date : July 11, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:

Updated samba packages fix security vulnerabilities:

Information leak vulnerability in the VFS code, allowing an
authenticated user to retrieve eight bytes of uninitialized memory
when shadow copy is enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable
to a denial of service on the nmbd NetBIOS name services daemon. A
malformed packet can cause the nmbd server to loop the CPU and prevent
any further NetBIOS name service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected
by a denial of service crash involving overwriting memory on an
authenticated connection to the smbd file server (CVE-2014-3493).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
http://advisories.mageia.org/MGASA-2014-0279.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
8645a86e357e472003ebfe77bc808b9b mbs1/x86_64/lib64netapi0-3.6.24-1.mbs1.x86_64.rpm
bd849e2282ec3a37544446c93690047c mbs1/x86_64/lib64netapi-devel-3.6.24-1.mbs1.x86_64.rpm
21704a9d68617f77546f063f4a69b45a mbs1/x86_64/lib64smbclient0-3.6.24-1.mbs1.x86_64.rpm
70b8652bd0a4ef5ae21d62ac4684becd mbs1/x86_64/lib64smbclient0-devel-3.6.24-1.mbs1.x86_64.rpm
5e3c1cf16fbb93097be883402ad14b01 mbs1/x86_64/lib64smbclient0-static-devel-3.6.24-1.mbs1.x86_64.rpm
7e7b717c5cf8d47480904d62d4dd5c8c mbs1/x86_64/lib64smbsharemodes0-3.6.24-1.mbs1.x86_64.rpm
1e9ae6ccf639fb81fc1eab641e23868f mbs1/x86_64/lib64smbsharemodes-devel-3.6.24-1.mbs1.x86_64.rpm
45056a51e4c41ebb86bab21e78df62cd mbs1/x86_64/lib64wbclient0-3.6.24-1.mbs1.x86_64.rpm
c31b128a381e547657952396eede7590 mbs1/x86_64/lib64wbclient-devel-3.6.24-1.mbs1.x86_64.rpm
36869ca0a22dcb523a334a121293eb03 mbs1/x86_64/nss_wins-3.6.24-1.mbs1.x86_64.rpm
c98b7f7c44670eadf4df7ab42d68041e mbs1/x86_64/samba-client-3.6.24-1.mbs1.x86_64.rpm
a924c018f16a3734b8be0d4b157cc63b mbs1/x86_64/samba-common-3.6.24-1.mbs1.x86_64.rpm
4739d3b441e2bda31c57a153c416dffd mbs1/x86_64/samba-doc-3.6.24-1.mbs1.noarch.rpm
e5d882b4109730e6e1140fb5c331cc93 mbs1/x86_64/samba-domainjoin-gui-3.6.24-1.mbs1.x86_64.rpm
78557cd3a93f9a6db311b0940b95780c mbs1/x86_64/samba-server-3.6.24-1.mbs1.x86_64.rpm
87ab3bc9e83c39c7a241beec416f9248 mbs1/x86_64/samba-swat-3.6.24-1.mbs1.x86_64.rpm
ee7814bc5bed8befbd34d8fefa17810a mbs1/x86_64/samba-virusfilter-clamav-3.6.24-1.mbs1.x86_64.rpm
00e70fef896d718bd5413db1448fa0f2 mbs1/x86_64/samba-virusfilter-fsecure-3.6.24-1.mbs1.x86_64.rpm
3337db51b8c7fe41e693cc6f346f5191 mbs1/x86_64/samba-virusfilter-sophos-3.6.24-1.mbs1.x86_64.rpm
8e0fe8c410d33219926badef8679afd8 mbs1/x86_64/samba-winbind-3.6.24-1.mbs1.x86_64.rpm
059073b5aed255468492ab52e0c20bef mbs1/SRPMS/samba-3.6.24-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
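For packages fetched by hand rather than through MandrivaUpdate or urpmi, the md5 comparison mentioned above can be repeated against the "Updated Packages" list. The following is an added example, not part of the Mandriva advisory; the function names and the demo file names are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# An "Updated Packages" entry: 32 hex digits (MD5), whitespace, repository path to an .rpm
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Return {rpm file name: expected md5} for every package line in the advisory."""
    manifest = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if m:
            manifest[Path(m.group(2)).name] = m.group(1)
    return manifest

def md5_of(path, chunk=1 << 20):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def check_downloads(advisory_text, directory):
    """Label each listed package 'ok', 'mismatch' or 'missing'; flag extra RPMs as 'unlisted'."""
    manifest = parse_manifest(advisory_text)
    directory = Path(directory)
    report = {}
    for name, expected in manifest.items():
        rpm = directory / name
        if not rpm.is_file():
            report[name] = "missing"
        else:
            report[name] = "ok" if md5_of(rpm) == expected else "mismatch"
    # An RPM the advisory never listed should not be installed as part of this update
    for rpm in sorted(directory.glob("*.rpm")):
        report.setdefault(rpm.name, "unlisted")
    return report

if __name__ == "__main__":
    # Constructed sample: one matching file and one listed package that was not downloaded
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "demo-1.0-1.rpm").write_bytes(b"constructed payload")
        listing = hashlib.md5(b"constructed payload").hexdigest() + " mbs1/x86_64/demo-1.0-1.rpm\n"
        listing += "0" * 32 + " mbs1/x86_64/absent-1.0-1.rpm\n"
        print(check_downloads(listing, tmp))
```

A matching MD5 only shows that a file is the one the advisory lists; MD5 is not collision-resistant, so authenticity still rests on the GPG signature, which `rpm --checksig` verifies once the Mandriva key has been imported.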
You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTv4RzmqjQ0CJFipgRAsuDAJ9c+O8dk9RBfKDVbLNKhtbVzm2tEwCfUYAS
JbbJFbKtRtq2TvzWIaBu7cU=
=9jbb
-----END PGP SIGNATURE-----