Lucene search

K
centosCentOS ProjectCESA-2011:0305
HistoryMar 03, 2011 - 3:44 a.m.

libsmbclient, samba security update

2011-03-0303:44:46
CentOS Project
lists.centos.org
47

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

91.5%

CentOS Errata and Security Advisory CESA-2011:0305

Samba is a suite of programs used by machines to share files, printers, and
other information.

A flaw was found in the way Samba handled file descriptors. If an attacker
were able to open a large number of file descriptors on the Samba server,
they could flip certain stack bits to “1” values, resulting in the Samba
server (smbd) crashing. (CVE-2011-0719)

Red Hat would like to thank the Samba team for reporting this issue.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-April/079551.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079552.html
https://lists.centos.org/pipermail/centos-announce/2011-March/079422.html
https://lists.centos.org/pipermail/centos-announce/2011-March/079423.html

Affected packages:
libsmbclient
libsmbclient-devel
samba
samba-client
samba-common
samba-swat

Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0305

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

91.5%

Related for CESA-2011:0305