Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Gentoo: 202305-22 Critical: Nginx Remote Exploit And Service Interruption

gentoo
Calendar Grey February 25, 2015
Dist Gentoo Esm H88
Multiple weaknesses found in Samba allow malicious actors to bypass file access controls and run unauthorized code; it is recommended to perform updates.
Multiple vulnerabilities have been found in Samba, the worst of which allowing a context-dependent attacker to bypass intended file restrictions, cause a Denial of Service or execu...

Summary

Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory high severity code execution Denial of Service security threat Gentoo Linux Samba issues

Resolution

All Samba users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-3.6.25"

References

[ 1 ] CVE-2012-6150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6150 [ 2 ] CVE-2013-4124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4124 [ 3 ] CVE-2013-4408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4408 [ 4 ] CVE-2013-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4475 [ 5 ] CVE-2013-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4476 [ 6 ] CVE-2013-4496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4496 [ 7 ] CVE-2014-0178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0178 [ 8 ] CVE-2014-0239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0239 [ 9 ] CVE-2014-0244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0244 [ 10 ] CVE-2014-3493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3493 [ 11 ] CVE-2015-0240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0240

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201502-15
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: Samba: Multiple vulnerabilities
Date: February 25, 2015
Bugs: #479868, #491070, #493664, #504494, #511764, #514676, #541182
ID: 201502-15

Topics%20covered

Topics Covered

security advisory high severity code execution Denial of Service security threat Gentoo Linux Samba issues

Synopsis

Multiple vulnerabilities have been found in Samba, the worst of which allowing a context-dependent attacker to bypass intended file restrictions, cause a Denial of Service or execute arbitrary code.

Background

Samba is a suite of SMB and CIFS client/server programs.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-fs/samba < 3.6.25 >= 3.6.25

Impact

===== A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Related News

Your message here