Mandriva Linux Security Advisory 2014-136

Posted Jul 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-136 - Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-0178, CVE-2014-0244, CVE-2014-3493
SHA-256 | 8eef9aa7b5bed8242080833cd967256c4ecebf611c7e4b025a94c1c923aeaa25

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:136
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : samba
Date : July 11, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated samba packages fix security vulnerabilities:

Information leak vulnerability in the VFS code, allowing an
authenticated user to retrieve eight bytes of uninitialized memory
when shadow copy is enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable
to a denial of service on the nmbd NetBIOS name services daemon. A
malformed packet can cause the nmbd server to loop the CPU and prevent
any further NetBIOS name service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected
by a denial of service crash involving overwriting memory on an
authenticated connection to the smbd file server (CVE-2014-3493).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
http://advisories.mageia.org/MGASA-2014-0279.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
8645a86e357e472003ebfe77bc808b9b mbs1/x86_64/lib64netapi0-3.6.24-1.mbs1.x86_64.rpm
bd849e2282ec3a37544446c93690047c mbs1/x86_64/lib64netapi-devel-3.6.24-1.mbs1.x86_64.rpm
21704a9d68617f77546f063f4a69b45a mbs1/x86_64/lib64smbclient0-3.6.24-1.mbs1.x86_64.rpm
70b8652bd0a4ef5ae21d62ac4684becd mbs1/x86_64/lib64smbclient0-devel-3.6.24-1.mbs1.x86_64.rpm
5e3c1cf16fbb93097be883402ad14b01 mbs1/x86_64/lib64smbclient0-static-devel-3.6.24-1.mbs1.x86_64.rpm
7e7b717c5cf8d47480904d62d4dd5c8c mbs1/x86_64/lib64smbsharemodes0-3.6.24-1.mbs1.x86_64.rpm
1e9ae6ccf639fb81fc1eab641e23868f mbs1/x86_64/lib64smbsharemodes-devel-3.6.24-1.mbs1.x86_64.rpm
45056a51e4c41ebb86bab21e78df62cd mbs1/x86_64/lib64wbclient0-3.6.24-1.mbs1.x86_64.rpm
c31b128a381e547657952396eede7590 mbs1/x86_64/lib64wbclient-devel-3.6.24-1.mbs1.x86_64.rpm
36869ca0a22dcb523a334a121293eb03 mbs1/x86_64/nss_wins-3.6.24-1.mbs1.x86_64.rpm
c98b7f7c44670eadf4df7ab42d68041e mbs1/x86_64/samba-client-3.6.24-1.mbs1.x86_64.rpm
a924c018f16a3734b8be0d4b157cc63b mbs1/x86_64/samba-common-3.6.24-1.mbs1.x86_64.rpm
4739d3b441e2bda31c57a153c416dffd mbs1/x86_64/samba-doc-3.6.24-1.mbs1.noarch.rpm
e5d882b4109730e6e1140fb5c331cc93 mbs1/x86_64/samba-domainjoin-gui-3.6.24-1.mbs1.x86_64.rpm
78557cd3a93f9a6db311b0940b95780c mbs1/x86_64/samba-server-3.6.24-1.mbs1.x86_64.rpm
87ab3bc9e83c39c7a241beec416f9248 mbs1/x86_64/samba-swat-3.6.24-1.mbs1.x86_64.rpm
ee7814bc5bed8befbd34d8fefa17810a mbs1/x86_64/samba-virusfilter-clamav-3.6.24-1.mbs1.x86_64.rpm
00e70fef896d718bd5413db1448fa0f2 mbs1/x86_64/samba-virusfilter-fsecure-3.6.24-1.mbs1.x86_64.rpm
3337db51b8c7fe41e693cc6f346f5191 mbs1/x86_64/samba-virusfilter-sophos-3.6.24-1.mbs1.x86_64.rpm
8e0fe8c410d33219926badef8679afd8 mbs1/x86_64/samba-winbind-3.6.24-1.mbs1.x86_64.rpm
059073b5aed255468492ab52e0c20bef mbs1/SRPMS/samba-3.6.24-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTv4RzmqjQ0CJFipgRAsuDAJ9c+O8dk9RBfKDVbLNKhtbVzm2tEwCfUYAS
JbbJFbKtRtq2TvzWIaBu7cU=
=9jbb
-----END PGP SIGNATURE-----
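
The fixed releases named in the advisory above (3.6.24, 4.0.19, 4.1.9) expressed as a branch-aware version check. This is an added example, not part of the Mandriva advisory: `version_lt` and `samba_status` are hypothetical helper names, the sample version strings are constructed, and judging every branch other than 4.0 and 4.1 against 3.6.24 is an assumption about how to read "before 3.6.24, 4.0.19, and 4.1.9".

```shell
#!/bin/sh
# Added example: classify a Samba version against the fixed releases named in
# the advisory (3.6.24, 4.0.19, 4.1.9). Helper names are hypothetical.

# version_lt A B: succeeds when dotted numeric version A is lower than B.
# Components are compared as integers, so 4.1.10 is not lower than 4.1.9.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# samba_status VERSION: prints "affected", "fixed" or "unknown".
samba_status() {
    v=${1#Version }       # accept the "Version x.y.z" form printed by smbd -V
    v=${v%%[!0-9.]*}      # drop a package release suffix such as -1.mbs1
    case $v in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    rest=${v#*.}
    case "${v%%.*}.${rest%%.*}" in
        4.0) fixed=4.0.19 ;;
        4.1) fixed=4.1.9 ;;
        *)   fixed=3.6.24 ;;  # assumption: every other branch is judged against 3.6.24
    esac
    if version_lt "$v" "$fixed"; then echo affected; else echo fixed; fi
}

# Constructed sample inputs, not taken from any real host.
for s in 3.6.23 3.6.24-1.mbs1 "Version 3.6.3" 4.0.18 4.1.10; do
    printf '%s -> %s\n' "$s" "$(samba_status "$s")"
done
```

On a host, the argument can come from `smbd -V` or from `rpm -q --qf '%{VERSION}\n' samba-server`.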