Debian: DSA-3514-1: samba security update

    Date: 12 Mar 2016
    Category: Debian
    Posted By: LinuxSecurity Advisories
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3514-1
    https://www.debian.org/security/                     Salvatore Bonaccorso
    March 12, 2016                        https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : samba
    CVE ID         : CVE-2015-7560 CVE-2016-0771
    Debian Bug     : 812429
    
    Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
    print, and login server for Unix. The Common Vulnerabilities and
    Exposures project identifies the following issues:
    
    CVE-2015-7560
    
        Jeremy Allison of Google, Inc. and the Samba Team discovered that
        Samba incorrectly handles getting and setting ACLs on a symlink
        path. An authenticated malicious client can use SMB1 UNIX extensions
        to create a symlink to a file or directory, and then use non-UNIX
        SMB1 calls to overwrite the contents of the ACL on the file or
        directory linked to.
    
    CVE-2016-0771
    
        Garming Sam and Douglas Bagnall of Catalyst IT discovered that Samba
        is vulnerable to an out-of-bounds read issue during DNS TXT record
        handling, if Samba is deployed as an AD DC and configured to run the
        internal DNS server. A remote attacker can exploit this flaw to
        cause a denial of service (Samba crash), or potentially, to allow
        leakage of memory from the server in the form of a DNS TXT reply.
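
The bug class behind CVE-2016-0771 is a length field in TXT RDATA that is trusted without checking it against the bytes actually present. The following is an added illustration (not Samba's code and not derived from the Samba patch) of how a TXT record handler validates every length prefix on the way in and on the way out; the byte strings in it are constructed samples.

```python
"""Bounds-checked handling of DNS TXT RDATA (RFC 1035 <character-string>s).

Added example illustrating the bug class in CVE-2016-0771; this is not
Samba's implementation. All byte strings below are constructed.
"""
from __future__ import annotations

# RFC 1035: a <character-string> is one length octet followed by up to 255 octets.
MAX_CHARACTER_STRING = 255


def parse_txt_rdata(rdata: bytes) -> list[bytes]:
    """Decode TXT RDATA, a sequence of <length><data> character-strings.

    Each length octet is checked against the bytes that actually remain, so a
    record whose length octet overstates its payload raises ValueError instead
    of being read past the end of the buffer (in C, the missing check is what
    turns such a record into an out-of-bounds read).
    """
    if not rdata:
        raise ValueError("TXT RDATA must contain at least one character-string")
    strings: list[bytes] = []
    pos = 0
    while pos < len(rdata):
        length = rdata[pos]
        pos += 1
        remaining = len(rdata) - pos
        if length > remaining:
            raise ValueError(
                f"character-string at offset {pos - 1} declares {length} bytes "
                f"but only {remaining} remain"
            )
        strings.append(rdata[pos:pos + length])
        pos += length
    return strings


def build_txt_rdata(strings: list[bytes]) -> bytes:
    """Encode character-strings as TXT RDATA.

    Refuses any string that does not fit the one-octet length prefix; silently
    truncating the length would desynchronise the parser on the receiving side.
    """
    if not strings:
        raise ValueError("TXT RDATA must contain at least one character-string")
    out = bytearray()
    for s in strings:
        if len(s) > MAX_CHARACTER_STRING:
            raise ValueError(
                f"character-string of {len(s)} bytes exceeds {MAX_CHARACTER_STRING}"
            )
        out.append(len(s))
        out += s
    return bytes(out)


def is_well_formed(rdata: bytes) -> bool:
    """Input-validation predicate: True iff the RDATA parses without error."""
    try:
        parse_txt_rdata(rdata)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed samples: a valid two-string record and a truncated one.
    print(parse_txt_rdata(b"\x05hello\x05world"))
    print(is_well_formed(b"\x0ahello"))  # length octet says 10, only 5 bytes follow
```

The parser never lets the declared length, rather than the real buffer size, drive how far it reads; the builder applies the symmetric check so a reply can only ever carry bytes that were deliberately placed in it.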
    
    Additionally, this update includes a fix for a regression introduced by
    the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups where the
    share path is '/'.
    
    For the oldstable distribution (wheezy), these problems have been fixed
    in version 2:3.6.6-6+deb7u7. The oldstable distribution (wheezy) is not
    affected by CVE-2016-0771.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 2:4.1.17+dfsg-2+deb8u2.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2:4.3.6+dfsg-1.
    
    We recommend that you upgrade your samba packages.
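
To check whether a host already carries the fixed package, the installed version has to be compared with the dpkg version-ordering rules (epoch, then upstream part, then Debian revision, with `~` sorting before everything), which a plain string comparison gets wrong for revisions such as `+deb8u10` versus `+deb8u2`. The following is an added example, not Debian's code; the fixed versions and the per-suite CVE coverage are taken from the advisory above, and the installed versions it checks are constructed samples (on a real host the version would come from `dpkg-query -W -f='${Version}' samba`).

```python
"""Compare an installed samba version against the versions fixed in DSA-3514-1.

Added example; it re-implements the dpkg version-comparison algorithm rather
than calling dpkg so that it runs anywhere. Fixed versions come from the
advisory; the installed versions in __main__ are constructed samples.
"""
from __future__ import annotations

# Fixed versions per suite, as stated in DSA-3514-1.
FIXED_VERSIONS = {
    "wheezy": "2:3.6.6-6+deb7u7",
    "jessie": "2:4.1.17+dfsg-2+deb8u2",
    "sid": "2:4.3.6+dfsg-1",
}

# CVEs addressed per suite; the advisory states wheezy is not affected by CVE-2016-0771.
CVES_BY_SUITE = {
    "wheezy": ("CVE-2015-7560",),
    "jessie": ("CVE-2015-7560", "CVE-2016-0771"),
    "sid": ("CVE-2015-7560", "CVE-2016-0771"),
}


def _order(c: str) -> int:
    """dpkg's weight for one character of a non-digit run: '~' sorts before
    everything including end-of-string, letters before non-letters; digits and
    end-of-string weigh 0."""
    if c == "" or c.isdigit():
        return 0
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare an upstream or revision fragment dpkg-style: alternate non-digit
    runs (by _order) and digit runs (numerically, ignoring leading zeros).
    Returns <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: first differing weight decides.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros; the longer run is larger, else the first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(version: str) -> tuple[int, str, str]:
    """Split 'epoch:upstream-revision'; epoch defaults to 0 and a missing
    revision to '' (which dpkg orders equal to '0')."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Equivalent of `dpkg --compare-versions`: returns -1, 0 or 1."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def unpatched_cves(installed: str, suite: str) -> list[str]:
    """CVEs from DSA-3514-1 that the installed version still lacks the fix for
    on the given suite; an empty list means the update is applied."""
    if compare_versions(installed, FIXED_VERSIONS[suite]) >= 0:
        return []
    return list(CVES_BY_SUITE[suite])


if __name__ == "__main__":
    # Constructed sample inputs, not real hosts.
    for suite, installed in [("jessie", "2:4.1.17+dfsg-2+deb8u1"),
                             ("jessie", "2:4.1.17+dfsg-2+deb8u2"),
                             ("wheezy", "2:3.6.6-6+deb7u6")]:
        print(suite, installed, unpatched_cves(installed, suite) or "patched")
```

The `~` rule matters in practice: a backport such as `2:4.3.6+dfsg-1~bpo8+1` sorts below `2:4.3.6+dfsg-1`, so the check correctly reports it as older than the sid fix rather than newer.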
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list:
    