[SECURITY] [DLA 1183-1] samba security update

2017-11-2114:24:47

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.916 High

EPSS

Percentile

98.9%

JSON

Package : samba
Version : 2:3.6.6-6+deb7u15
CVE ID : CVE-2017-15275

Volker Lendecke of SerNet and the Samba team discovered that Samba, a
SMB/CIFS file, print, and login server for Unix, is prone to a heap
memory information leak, where server allocated heap memory may be
returned to the client without being cleared.

For Debian 7 "Wheezy", these problems have been fixed in version
2:3.6.6-6+deb7u15.

We recommend that you upgrade your samba packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8s390xlibsmbclient-dev< 2:4.2.14+dfsg-0+deb8u9libsmbclient-dev_2:4.2.14+dfsg-0+deb8u9_s390x.deb
Debian9amd64samba-vfs-modules-dbgsym< 2:4.5.12+dfsg-2+deb9u1samba-vfs-modules-dbgsym_2:4.5.12+dfsg-2+deb9u1_amd64.deb
Debian9s390xlibparse-pidl-perl< 2:4.5.12+dfsg-2+deb9u1libparse-pidl-perl_2:4.5.12+dfsg-2+deb9u1_s390x.deb
Debian9armhfsamba-vfs-modules< 2:4.5.12+dfsg-2+deb9u1samba-vfs-modules_2:4.5.12+dfsg-2+deb9u1_armhf.deb
Debian8armellibpam-winbind< 2:4.2.14+dfsg-0+deb8u9libpam-winbind_2:4.2.14+dfsg-0+deb8u9_armel.deb
Debian8amd64winbind< 2:4.2.14+dfsg-0+deb8u9winbind_2:4.2.14+dfsg-0+deb8u9_amd64.deb
Debian9s390xsmbclient< 2:4.5.12+dfsg-2+deb9u1smbclient_2:4.5.12+dfsg-2+deb9u1_s390x.deb
Debian7armellibpam-winbind< 2:3.6.6-6+deb7u15libpam-winbind_2:3.6.6-6+deb7u15_armel.deb
Debian8armhfsamba-dev< 2:4.2.14+dfsg-0+deb8u9samba-dev_2:4.2.14+dfsg-0+deb8u9_armhf.deb
Debian9armhfsamba-testsuite-dbgsym< 2:4.5.12+dfsg-2+deb9u1samba-testsuite-dbgsym_2:4.5.12+dfsg-2+deb9u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	s390x	libsmbclient-dev	< 2:4.2.14+dfsg-0+deb8u9	libsmbclient-dev_2:4.2.14+dfsg-0+deb8u9_s390x.deb
Debian	9	amd64	samba-vfs-modules-dbgsym	< 2:4.5.12+dfsg-2+deb9u1	samba-vfs-modules-dbgsym_2:4.5.12+dfsg-2+deb9u1_amd64.deb
Debian	9	s390x	libparse-pidl-perl	< 2:4.5.12+dfsg-2+deb9u1	libparse-pidl-perl_2:4.5.12+dfsg-2+deb9u1_s390x.deb
Debian	9	armhf	samba-vfs-modules	< 2:4.5.12+dfsg-2+deb9u1	samba-vfs-modules_2:4.5.12+dfsg-2+deb9u1_armhf.deb
Debian	8	armel	libpam-winbind	< 2:4.2.14+dfsg-0+deb8u9	libpam-winbind_2:4.2.14+dfsg-0+deb8u9_armel.deb
Debian	8	amd64	winbind	< 2:4.2.14+dfsg-0+deb8u9	winbind_2:4.2.14+dfsg-0+deb8u9_amd64.deb
Debian	9	s390x	smbclient	< 2:4.5.12+dfsg-2+deb9u1	smbclient_2:4.5.12+dfsg-2+deb9u1_s390x.deb
Debian	7	armel	libpam-winbind	< 2:3.6.6-6+deb7u15	libpam-winbind_2:3.6.6-6+deb7u15_armel.deb
Debian	8	armhf	samba-dev	< 2:4.2.14+dfsg-0+deb8u9	samba-dev_2:4.2.14+dfsg-0+deb8u9_armhf.deb
Debian	9	armhf	samba-testsuite-dbgsym	< 2:4.5.12+dfsg-2+deb9u1	samba-testsuite-dbgsym_2:4.5.12+dfsg-2+deb9u1_armhf.deb