ROSA Linux Bugzilla – Bug 8179
[UPDATE REQUEST] SAMBA -> 4.3.13
Last modified: 2017-11-23 14:18:14 MSK
Advisory: Update samba to 4.3.13 with many CVEs fixed.
Raise the minimum server protocol to SMB2.
Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing a client to compromise an SMB server via malicious SMB1 requests.
Volker Lendecke of SerNet and the Samba team discovered that Samba is prone to a heap memory information leak, where server-allocated heap memory may be returned to the client without being cleared.
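One way to confirm on a given host that the SMB1 floor mentioned above is in effect, as an added example that is not part of this bug report or of the ROSA package: a small checker for the `server min protocol` setting in smb.conf text. It assumes the change is expressed through that smb.conf option and that an unset option falls back to LANMAN1; the function names and sample configurations are constructed for illustration.

```python
# Added example (not ROSA or Samba code): audit smb.conf text for an SMB1 floor.
# Dialect names smb.conf accepts, weakest first.
ORDER = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
         "SMB2_02", "SMB2_10", "SMB2_22", "SMB2_24",
         "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"]
ALIASES = {"SMB2": "SMB2_10", "SMB3": "SMB3_11"}
# Assumption: floor used when the option is absent (Samba 4.3 series).
ASSUMED_DEFAULT = "LANMAN1"


def effective_min_protocol(conf_text, default=ASSUMED_DEFAULT):
    """Return the canonical 'server min protocol' from the [global] section."""
    section, value = "global", default
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, val = line.split("=", 1)
        # Parameter names ignore case and embedded whitespace.
        key = "".join(key.lower().split())
        if key in ("serverminprotocol", "minprotocol"):   # name and its synonym
            value = val.strip().upper()
    value = ALIASES.get(value, value)
    if value not in ORDER:
        raise ValueError("unrecognised protocol name: " + value)
    return value


def allows_smb1(conf_text):
    """True when dialects older than SMB2 can still be negotiated."""
    return ORDER.index(effective_min_protocol(conf_text)) < ORDER.index("SMB2_02")


# Constructed sample configurations.
WEAK = "[global]\n  workgroup = EXAMPLE\n  server min protocol = NT1\n"
HARDENED = "[global]\n  Server Min Protocol = SMB2\n[share]\n  path = /srv/share\n"
UNSET = "[global]\n  workgroup = EXAMPLE\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("unset", UNSET)):
        print(name, effective_min_protocol(text), "SMB1 allowed:", allows_smb1(text))
```

The checker does not follow `include` directives or line continuations; `testparm -s -v` prints the values Samba itself resolves, defaults included.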