-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:055
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : April 11, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in samba:

 The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14,
 and 3.6.x before 3.6.4 does not implement validation of an array length
 in a manner consistent with validation of array memory allocation,
 which allows remote attackers to execute arbitrary code via a crafted
 RPC call (CVE-2012-1182).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPhUl5mqjQ0CJFipgRAqwGAJ9WQalWqP6WzJFo7dRcgPySLjvhAgCeNuAz
3ifKrik8iH0LOdU2Q4hDsj4=
=S1NU
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
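
The bug class named in the problem description, as an added illustration that is not part of the advisory and is not Samba's generated code: a parser that sizes an allocation from one field but bounds its writes by another, beside a version that reconciles the two before writing. The toy wire layout and the names `blob`, `pull_u32` and `pull_array_*` are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy wire format (an assumption, not Samba's NDR):
 * u32 count, u32 max_count, u32 elems[]. All names are hypothetical. */
struct blob { const uint8_t *p; size_t len, off; };

static int pull_u32(struct blob *b, uint32_t *v) {
    if (b->len - b->off < 4) return -1;      /* never read past the input */
    memcpy(v, b->p + b->off, 4);             /* host byte order, for brevity */
    b->off += 4; return 0;
}

/* Bug class from the advisory: the allocation is sized from one field
 * (max_count) while the write loop is bounded by another (count), and
 * nothing ties the two together before the writes happen. */
int pull_array_inconsistent(struct blob *b, uint32_t **out, uint32_t *n) {
    uint32_t count, max_count, i;
    if (pull_u32(b, &count) || pull_u32(b, &max_count)) return -1;
    *out = calloc(max_count ? max_count : 1, sizeof(uint32_t));
    if (!*out) return -1;
    for (i = 0; i < count; i++)              /* count writes, max_count slots */
        if (pull_u32(b, &(*out)[i])) { free(*out); *out = NULL; return -1; }
    *n = count; return 0;
}

/* Hardened: check the length against the allocation size, and against the
 * bytes actually present, before allocating or writing anything. */
int pull_array_checked(struct blob *b, uint32_t **out, uint32_t *n) {
    uint32_t count, max_count, i;
    *out = NULL; *n = 0;
    if (pull_u32(b, &count) || pull_u32(b, &max_count)) return -1;
    if (count != max_count) return -2;                   /* fields disagree */
    if (count > (b->len - b->off) / 4) return -3;        /* not enough data */
    *out = calloc(count ? count : 1, sizeof(uint32_t));
    if (!*out) return -1;
    for (i = 0; i < count; i++) pull_u32(b, &(*out)[i]); /* cannot fail now */
    *n = count; return 0;
}

int main(void) {
    uint32_t msg[] = {4, 1, 10, 20, 30, 40}; /* constructed: count 4, max_count 1 */
    struct blob b = { (const uint8_t *)msg, sizeof msg, 0 };
    uint32_t *a, n;
    return pull_array_checked(&b, &a, &n) == -2 ? 0 : 1;
}
```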