-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:141 http://www.mandriva.com/security/ _______________________________________________________________________ Package : samba Date : July 27, 2010 Affected: 2010.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in samba: The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value (CVE-2010-1635). The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request (CVE-2010-1642). The updated packages provides samba 3.4.8 which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1635 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1642 http://samba.org/samba/history/samba-3.4.8.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: 7448da14d3cd38e46ef194ce171215c4 2010.0/i586/libnetapi0-3.4.8-0.1mdv2010.0.i586.rpm 06c3fc5e7c685893a18fc6f4d8a2922a 2010.0/i586/libnetapi-devel-3.4.8-0.1mdv2010.0.i586.rpm 68ab1439a074c1f8d4662d9ee5799076 2010.0/i586/libsmbclient0-3.4.8-0.1mdv2010.0.i586.rpm a10ab609798c947213f372c19b325dd5 2010.0/i586/libsmbclient0-devel-3.4.8-0.1mdv2010.0.i586.rpm 009d6e6bd9f84f9cee5b07930425b955 2010.0/i586/libsmbclient0-static-devel-3.4.8-0.1mdv2010.0.i586.rpm 0e1188b9bae8a6cfee48a6a1e09551f1 2010.0/i586/libsmbsharemodes0-3.4.8-0.1mdv2010.0.i586.rpm 309d86578c162b1df920f63f8c557b43 2010.0/i586/libsmbsharemodes-devel-3.4.8-0.1mdv2010.0.i586.rpm ba544bd939276b14d73b3b2101b754dc 2010.0/i586/libwbclient0-3.4.8-0.1mdv2010.0.i586.rpm d2441a3fbabd411a0b10dc3de9e0b1ab 2010.0/i586/libwbclient-devel-3.4.8-0.1mdv2010.0.i586.rpm ed856faed4546f7984a5b97fd56e8a1c 2010.0/i586/mount-cifs-3.4.8-0.1mdv2010.0.i586.rpm 81983af0fd7c6d5ac2eaba11ff56039e 2010.0/i586/nss_wins-3.4.8-0.1mdv2010.0.i586.rpm d9e710c53bd905be68601fd3f72e1624 2010.0/i586/samba-client-3.4.8-0.1mdv2010.0.i586.rpm 99097a7153e6694bd94d078c31de0cb4 2010.0/i586/samba-common-3.4.8-0.1mdv2010.0.i586.rpm dfa4a8a6ed149ca3cf1aa5af62b517fe 2010.0/i586/samba-doc-3.4.8-0.1mdv2010.0.i586.rpm 77d65fb7fed8dad1f23863df8e90d810 2010.0/i586/samba-server-3.4.8-0.1mdv2010.0.i586.rpm dd3e5136d2e9955c15273eafe0a68285 2010.0/i586/samba-swat-3.4.8-0.1mdv2010.0.i586.rpm b77cad772f69755e270076bc9bce9e85 2010.0/i586/samba-winbind-3.4.8-0.1mdv2010.0.i586.rpm 108c4366915b69a5d16cf9e550c1a07c 2010.0/SRPMS/samba-3.4.8-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: dc3ea8121670006d7f6cf03e55bc6847 2010.0/x86_64/lib64netapi0-3.4.8-0.1mdv2010.0.x86_64.rpm 667c0a292b645a34e0ef69f868b50c1e 2010.0/x86_64/lib64netapi-devel-3.4.8-0.1mdv2010.0.x86_64.rpm 86867f07f941e401d729da99db8999c7 2010.0/x86_64/lib64smbclient0-3.4.8-0.1mdv2010.0.x86_64.rpm 4bf349bed200e12b58a7b770bb380a4d 2010.0/x86_64/lib64smbclient0-devel-3.4.8-0.1mdv2010.0.x86_64.rpm 166403ad036554045969d15c5d7930ce 2010.0/x86_64/lib64smbclient0-static-devel-3.4.8-0.1mdv2010.0.x86_64.rpm a27c18efe52f8bd84e3c9fe0397330f5 2010.0/x86_64/lib64smbsharemodes0-3.4.8-0.1mdv2010.0.x86_64.rpm 321fb245fffeaf5eb51a2374a98d82aa 2010.0/x86_64/lib64smbsharemodes-devel-3.4.8-0.1mdv2010.0.x86_64.rpm 5c2e728292c68ba9e2792243884aec1e 2010.0/x86_64/lib64wbclient0-3.4.8-0.1mdv2010.0.x86_64.rpm 2592b742d650311a8e41c424108fea35 2010.0/x86_64/lib64wbclient-devel-3.4.8-0.1mdv2010.0.x86_64.rpm 24aba98967dc4d1344761042c3f690b8 2010.0/x86_64/mount-cifs-3.4.8-0.1mdv2010.0.x86_64.rpm 6ee9b8449e0f3098c97ee3375b4ac1fa 2010.0/x86_64/nss_wins-3.4.8-0.1mdv2010.0.x86_64.rpm 8d965d364efd1811663942e994177613 2010.0/x86_64/samba-client-3.4.8-0.1mdv2010.0.x86_64.rpm 7b12626da40ff3a0d99af999b4025031 2010.0/x86_64/samba-common-3.4.8-0.1mdv2010.0.x86_64.rpm d85b87de309397eaef937367f692a162 2010.0/x86_64/samba-doc-3.4.8-0.1mdv2010.0.x86_64.rpm 2072d71d0788f78ae0fbaee6c8d6ffcb 2010.0/x86_64/samba-server-3.4.8-0.1mdv2010.0.x86_64.rpm 88efc944e7a50f88c461fc8396680a71 2010.0/x86_64/samba-swat-3.4.8-0.1mdv2010.0.x86_64.rpm e1cdabf9142b48ec1d4573162d48cdf1 2010.0/x86_64/samba-winbind-3.4.8-0.1mdv2010.0.x86_64.rpm 108c4366915b69a5d16cf9e550c1a07c 2010.0/SRPMS/samba-3.4.8-0.1mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMTuDAmqjQ0CJFipgRAq+cAKCGuYjBRT4imHhGvLBBoECfH1aeMACfS8Ds WGQC7SJBb9VtWWkuTKJenpQ= =U4M8 -----END PGP SIGNATURE-----