-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:136
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : samba
 Date    : July 11, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated samba packages fix security vulnerabilities:

 Information leak vulnerability in the VFS code, allowing an
 authenticated user to retrieve eight bytes of uninitialized memory
 when shadow copy is enabled (CVE-2014-0178).

 Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a
 denial of service on the nmbd NetBIOS name services daemon. A malformed
 packet can cause the nmbd server to loop the CPU and prevent any
 further NetBIOS name service (CVE-2014-0244).

 Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a
 denial of service crash involving overwriting memory on an
 authenticated connection to the smbd file server (CVE-2014-3493).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
 http://advisories.mageia.org/MGASA-2014-0279.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 8645a86e357e472003ebfe77bc808b9b  mbs1/x86_64/lib64netapi0-3.6.24-1.mbs1.x86_64.rpm
 bd849e2282ec3a37544446c93690047c  mbs1/x86_64/lib64netapi-devel-3.6.24-1.mbs1.x86_64.rpm
 21704a9d68617f77546f063f4a69b45a  mbs1/x86_64/lib64smbclient0-3.6.24-1.mbs1.x86_64.rpm
 70b8652bd0a4ef5ae21d62ac4684becd  mbs1/x86_64/lib64smbclient0-devel-3.6.24-1.mbs1.x86_64.rpm
 5e3c1cf16fbb93097be883402ad14b01  mbs1/x86_64/lib64smbclient0-static-devel-3.6.24-1.mbs1.x86_64.rpm
 7e7b717c5cf8d47480904d62d4dd5c8c  mbs1/x86_64/lib64smbsharemodes0-3.6.24-1.mbs1.x86_64.rpm
 1e9ae6ccf639fb81fc1eab641e23868f  mbs1/x86_64/lib64smbsharemodes-devel-3.6.24-1.mbs1.x86_64.rpm
 45056a51e4c41ebb86bab21e78df62cd  mbs1/x86_64/lib64wbclient0-3.6.24-1.mbs1.x86_64.rpm
 c31b128a381e547657952396eede7590  mbs1/x86_64/lib64wbclient-devel-3.6.24-1.mbs1.x86_64.rpm
 36869ca0a22dcb523a334a121293eb03  mbs1/x86_64/nss_wins-3.6.24-1.mbs1.x86_64.rpm
 c98b7f7c44670eadf4df7ab42d68041e  mbs1/x86_64/samba-client-3.6.24-1.mbs1.x86_64.rpm
 a924c018f16a3734b8be0d4b157cc63b  mbs1/x86_64/samba-common-3.6.24-1.mbs1.x86_64.rpm
 4739d3b441e2bda31c57a153c416dffd  mbs1/x86_64/samba-doc-3.6.24-1.mbs1.noarch.rpm
 e5d882b4109730e6e1140fb5c331cc93  mbs1/x86_64/samba-domainjoin-gui-3.6.24-1.mbs1.x86_64.rpm
 78557cd3a93f9a6db311b0940b95780c  mbs1/x86_64/samba-server-3.6.24-1.mbs1.x86_64.rpm
 87ab3bc9e83c39c7a241beec416f9248  mbs1/x86_64/samba-swat-3.6.24-1.mbs1.x86_64.rpm
 ee7814bc5bed8befbd34d8fefa17810a  mbs1/x86_64/samba-virusfilter-clamav-3.6.24-1.mbs1.x86_64.rpm
 00e70fef896d718bd5413db1448fa0f2  mbs1/x86_64/samba-virusfilter-fsecure-3.6.24-1.mbs1.x86_64.rpm
 3337db51b8c7fe41e693cc6f346f5191  mbs1/x86_64/samba-virusfilter-sophos-3.6.24-1.mbs1.x86_64.rpm
 8e0fe8c410d33219926badef8679afd8  mbs1/x86_64/samba-winbind-3.6.24-1.mbs1.x86_64.rpm
 059073b5aed255468492ab52e0c20bef  mbs1/SRPMS/samba-3.6.24-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTv4RzmqjQ0CJFipgRAsuDAJ9c+O8dk9RBfKDVbLNKhtbVzm2tEwCfUYAS
JbbJFbKtRtq2TvzWIaBu7cU=
=9jbb
-----END PGP SIGNATURE-----
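
The following is an added example, not part of Mandriva's advisory: a branch-aware check of Samba version strings against the fixed releases the advisory names for CVE-2014-0244 and CVE-2014-3493 (3.6.24, 4.0.19, 4.1.9). The function names, the host names and the "not-covered" result for branches newer than 4.1 are assumptions made for this example.

```python
import re

# Fixed patch level per release branch, as stated in the advisory for
# CVE-2014-0244 and CVE-2014-3493 (no threshold is given for CVE-2014-0178).
FIXED = {(3, 6): 24, (4, 0): 19, (4, 1): 9}


def parse_version(text):
    """Pull (major, minor, patch) out of `smbd -V` output or an RPM file name."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def status(text):
    """Classify a version string as 'fixed', 'affected' or 'not-covered'."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        # Compare only inside the branch: 4.1.5 is numerically above 4.0.19
        # but still below its own fix, 4.1.9.
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch < max(FIXED):
        # Unlisted older branch (e.g. 3.5.x): "before 3.6.24" in the advisory.
        return "affected"
    # Assumption: branches newer than 4.1 are outside what the advisory states.
    return "not-covered"


def triage(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: status(version) for host, version in inventory.items()}


# Constructed inventory: host names and version strings are sample data.
SAMPLE_INVENTORY = {
    "fs01": "Version 3.6.23",
    "fs02": "samba-server-3.6.24-1.mbs1.x86_64.rpm",
    "fs03": "Version 4.1.5",
    "fs04": "Version 4.0.19",
    "fs05": "Version 4.2.0",
}

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {result}")
```

A version-string check cannot see fixes that a distribution backports without changing the upstream version number, so treat the vendor's package release as authoritative where the two disagree.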