[SECURITY] [DSA 2966-1] samba security update

2014-06-2309:38:29

lists.debian.org

2.7 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:N/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON

Debian Security Advisory DSA-2966-1 [email protected]
http://www.debian.org/security/ Yves-Alexis Perez
June 23, 2014 http://www.debian.org/security/faq

Package : samba
CVE ID : CVE-2014-0178 CVE-2014-0244 CVE-2014-3493
Debian Bug :

Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS
file, print, and login server:

CVE-2014-0178

Information leak vulnerability in the VFS code, allowing an
authenticated user to retrieve eight bytes of uninitialized memory
when shadow copy is enabled.

CVE-2014-0244

Denial of service (infinite CPU loop) in the nmbd Netbios name
service daemon. A malformed packet can cause the nmbd server to
enter an infinite loop, preventing it to process later requests to
the Netbios name service.

CVE-2014-3493

Denial of service (daemon crash) in the smbd file server daemon. An
authenticated user attempting to read a Unicode path using a
non-Unicode request can force the daemon to overwrite memory at an
invalid address.

For the stable distribution (wheezy), these problems have been fixed in
version 2:3.6.6-6+deb7u4.

For the testing distribution (jessie), these problems have been fixed in
version 2:4.1.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 2:4.1.9+dfsg-1.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7powerpclibwbclient-dev< 2:3.6.6-6+deb7u4libwbclient-dev_2:3.6.6-6+deb7u4_powerpc.deb
Debian7powerpclibwbclient0< 2:3.6.6-6+deb7u4libwbclient0_2:3.6.6-6+deb7u4_powerpc.deb
Debian7s390libpam-winbind< 2:3.6.6-6+deb7u4libpam-winbind_2:3.6.6-6+deb7u4_s390.deb
Debian7mipslibwbclient-dev< 2:3.6.6-6+deb7u4libwbclient-dev_2:3.6.6-6+deb7u4_mips.deb
Debian7armhfswat< 2:3.6.6-6+deb7u4swat_2:3.6.6-6+deb7u4_armhf.deb
Debian7i386winbind< 2:3.6.6-6+deb7u4winbind_2:3.6.6-6+deb7u4_i386.deb
Debian7sparcwinbind< 2:3.6.6-6+deb7u4winbind_2:3.6.6-6+deb7u4_sparc.deb
Debian7mipslibpam-winbind< 2:3.6.6-6+deb7u4libpam-winbind_2:3.6.6-6+deb7u4_mips.deb
Debian7kfreebsd-i386samba< 2:3.6.6-6+deb7u4samba_2:3.6.6-6+deb7u4_kfreebsd-i386.deb
Debian7powerpcwinbind< 2:3.6.6-6+deb7u4winbind_2:3.6.6-6+deb7u4_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	powerpc	libwbclient-dev	< 2:3.6.6-6+deb7u4	libwbclient-dev_2:3.6.6-6+deb7u4_powerpc.deb
Debian	7	powerpc	libwbclient0	< 2:3.6.6-6+deb7u4	libwbclient0_2:3.6.6-6+deb7u4_powerpc.deb
Debian	7	s390	libpam-winbind	< 2:3.6.6-6+deb7u4	libpam-winbind_2:3.6.6-6+deb7u4_s390.deb
Debian	7	mips	libwbclient-dev	< 2:3.6.6-6+deb7u4	libwbclient-dev_2:3.6.6-6+deb7u4_mips.deb
Debian	7	armhf	swat	< 2:3.6.6-6+deb7u4	swat_2:3.6.6-6+deb7u4_armhf.deb
Debian	7	i386	winbind	< 2:3.6.6-6+deb7u4	winbind_2:3.6.6-6+deb7u4_i386.deb
Debian	7	sparc	winbind	< 2:3.6.6-6+deb7u4	winbind_2:3.6.6-6+deb7u4_sparc.deb
Debian	7	mips	libpam-winbind	< 2:3.6.6-6+deb7u4	libpam-winbind_2:3.6.6-6+deb7u4_mips.deb
Debian	7	kfreebsd-i386	samba	< 2:3.6.6-6+deb7u4	samba_2:3.6.6-6+deb7u4_kfreebsd-i386.deb
Debian	7	powerpc	winbind	< 2:3.6.6-6+deb7u4	winbind_2:3.6.6-6+deb7u4_powerpc.deb