Bug 8179 - [UPDATE REQUEST] SAMBA -> 4.3.13
Status: CONFIRMED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
Assigned To: ROSA Linux Bugs
https://www.debian.org/security/2017/...
Reported: 2017-07-27 18:57 MSD by Vladimir Potapov
Modified: 2017-11-23 14:18 MSK

RPM Package: samba
Description Vladimir Potapov 2017-07-27 18:57:29 MSD
https://abf.io/build_lists/2884245
https://abf.io/build_lists/2884247
Advisory: Update samba to 4.3.13 with many CVEs fixed.
Up min server protocol to SMB2
Comment 1 Zombie Ryushu 2017-11-23 14:18:14 MSK
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:

    CVE-2017-14746

    Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing a client to compromise a SMB server via malicious SMB1 requests.

    CVE-2017-15275

    Volker Lendecke of SerNet and the Samba team discovered that Samba is prone to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.
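
The description raises the minimum server protocol to SMB2, and CVE-2017-14746 is reached through SMB1 requests. The following is an added example, not part of this bug report or of the ROSA package: a check that an `smb.conf` does not set `server min protocol` (or its synonym `min protocol`) back to an SMB1-era dialect. The function names and both sample configurations are constructed for illustration, and `include` directives are not followed.

```python
import re

# Dialect names for smb.conf protocol parameters that predate SMB2.
SMB1_ERA = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
NAMES = {"serverminprotocol", "minprotocol"}  # parameter and its synonym

# Constructed sample configurations (not taken from any real host).
WEAK = """[global]
   workgroup = EXAMPLE
   ; server min protocol = SMB2
   Server Min Protocol = nt1
[share]
   path = /srv/share
"""
HARDENED = "[global]\n   server min protocol = SMB2\n"

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and ;/# comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        line, buf = (buf + line).strip(), ""
        if line and line[0] not in ";#":
            yield line

def server_min_protocol(text):
    """Return the last value set in [global], or None if it is never set."""
    section, value = None, None
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, val = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            if re.sub(r"\s+", "", name).lower() in NAMES:
                value = val.strip().upper()
    return value

def audit(text):
    """Classify the configured minimum; 'unset' means the build default applies."""
    value = server_min_protocol(text)
    if value is None:
        return "unset"
    if value in SMB1_ERA:
        return "smb1-allowed"
    return "smb2-or-later" if value.startswith(("SMB2", "SMB3")) else "unknown"
```

A result of `unset` means the effective minimum is whatever the installed Samba build defaults to; `testparm -sv` reports the effective value on a live system.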