Mandriva Linux Security Advisory 2015-081 - An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:081
https://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : samba
Date : March 28, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated samba packages fix security vulnerabilities:
An uninitialized pointer use flaw was found in the Samba daemon
(smbd). A malicious Samba client could send specially crafted netlogon
packets that, when processed by smbd, could potentially lead to
arbitrary code execution with the privileges of the user running smbd
(by default, the root user) (CVE-2015-0240).
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
https://advisories.mageia.org/MGASA-2015-0084.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
4ac8f8f9652ad4ca155e19153c6899c8 mbs1/x86_64/lib64netapi0-3.6.25-1.mbs1.x86_64.rpm
70811f103aaf352706212264cd1bdd07 mbs1/x86_64/lib64netapi-devel-3.6.25-1.mbs1.x86_64.rpm
124038bf590e4b24d44032ff319877cb mbs1/x86_64/lib64smbclient0-3.6.25-1.mbs1.x86_64.rpm
8654538cb5fe0ec9f4e1f843b48bfe3e mbs1/x86_64/lib64smbclient0-devel-3.6.25-1.mbs1.x86_64.rpm
0a0b66090334e58925651eaf5a93db4b mbs1/x86_64/lib64smbclient0-static-devel-3.6.25-1.mbs1.x86_64.rpm
af20d1ba0b94c53e49dcd62e9dc2862b mbs1/x86_64/lib64smbsharemodes0-3.6.25-1.mbs1.x86_64.rpm
5e52b9faf84405b9082073077e573b2c mbs1/x86_64/lib64smbsharemodes-devel-3.6.25-1.mbs1.x86_64.rpm
46a0608a84712e469dd32918391e8c3d mbs1/x86_64/lib64wbclient0-3.6.25-1.mbs1.x86_64.rpm
b9244f130c1bdfc160d3d720088e38ba mbs1/x86_64/lib64wbclient-devel-3.6.25-1.mbs1.x86_64.rpm
c715497f62eeeafa889ff7471c79bdfc mbs1/x86_64/nss_wins-3.6.25-1.mbs1.x86_64.rpm
d22d02173ec97c95eb7328024b9e82ee mbs1/x86_64/samba-client-3.6.25-1.mbs1.x86_64.rpm
00bd57d9b85d09366628b1f46505bd85 mbs1/x86_64/samba-common-3.6.25-1.mbs1.x86_64.rpm
9d4637b0de9d912bcd5506fed360d0a2 mbs1/x86_64/samba-doc-3.6.25-1.mbs1.noarch.rpm
7d7f6be0de70100422674ae8cf5172a5 mbs1/x86_64/samba-domainjoin-gui-3.6.25-1.mbs1.x86_64.rpm
55ea454169eb18e357a656872b9b6254 mbs1/x86_64/samba-server-3.6.25-1.mbs1.x86_64.rpm
8ee941751deb9362569b7d6396747408 mbs1/x86_64/samba-swat-3.6.25-1.mbs1.x86_64.rpm
05f58113d2b78614278ee9698d297e49 mbs1/x86_64/samba-virusfilter-clamav-3.6.25-1.mbs1.x86_64.rpm
c8ed9bb7d1636d82ca1aad0100d058a4 mbs1/x86_64/samba-virusfilter-fsecure-3.6.25-1.mbs1.x86_64.rpm
658617b2a62a7aba97bba8a0b81e2962 mbs1/x86_64/samba-virusfilter-sophos-3.6.25-1.mbs1.x86_64.rpm
c8071cdc97727ad4749c522f8eb7e1ba mbs1/x86_64/samba-winbind-3.6.25-1.mbs1.x86_64.rpm
ee22c6311d482ec4a8358d2d4a2a48e0 mbs1/SRPMS/samba-3.6.25-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFlNBmqjQ0CJFipgRAne5AJ4l/PaNKpbcDYC6cDmOgUTaiaedoACgm+Bk
2v2AIePJXBUsvmVJ9qs7z0M=
=ZeNI
-----END PGP SIGNATURE-----
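For packages downloaded by hand rather than through MandrivaUpdate or urpmi, the md5 comparison against the "Updated Packages" list can be scripted as below. This is an added example, not part of the Mandriva advisory: the function names are assumptions, and the demo files and listing are constructed rather than real package data.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One package-list entry: 32 hex digits (MD5), whitespace, repository path.
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_updated_packages(advisory_text):
    """Map each listed RPM file name to the MD5 the advisory gives for it."""
    expected = {}
    for line in advisory_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            expected[match.group(2).rsplit("/", 1)[-1]] = match.group(1)
    return expected

def md5_of(path, chunk=1 << 20):
    digest = hashlib.md5(usedforsecurity=False)  # integrity check only
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):  # stream large RPMs
            digest.update(block)
    return digest.hexdigest()

def check_downloads(advisory_text, directory):
    """Classify every listed package as 'ok', 'mismatch' or 'missing'."""
    report = {}
    for name, want in parse_updated_packages(advisory_text).items():
        path = Path(directory) / name
        found = md5_of(path) if path.is_file() else None
        report[name] = "missing" if found is None else "ok" if found == want else "mismatch"
    return report

def demo():
    """Constructed files and a constructed listing; no real package data."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = (Path(tmp, f"pkg-{c}-1.0-1.x86_64.rpm") for c in "ab")
        good.write_bytes(b"constructed payload a")
        bad.write_bytes(b"constructed payload b")
        listing = "\n".join([
            f"{md5_of(good)} demo/x86_64/{good.name}",    # matches the file
            f"{'0' * 32} demo/x86_64/{bad.name}",         # wrong checksum
            f"{'f' * 32} demo/SRPMS/pkg-c-1.0-1.src.rpm", # never downloaded
        ])
        return check_downloads(listing, tmp)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

An md5 match only shows that a download is not corrupted; authenticity still rests on the GPG signature check the advisory describes.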