Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Gentoo Linux: GLSA-201612-47 Normal: Samba Remote Code Execution Risk

gentoo
Calendar Grey December 24, 2016
Dist Gentoo Esm H88
Several security flaws in Samba may permit remote code execution with administrative rights. It is advisable to update promptly for enhanced protection.
Multiple vulnerabilities have been found in Samba, the worst of which may allow execution of arbitrary code with root privileges.

Summary

Multiple vulnerabilities have been discovered in samba. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory denial of service gentoo remote access arbitrary code execution samba normal severity

Resolution

All Samba users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-4.2.11"

References

[ 1 ] CVE-2015-3223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3223 [ 2 ] CVE-2015-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5252 [ 3 ] CVE-2015-5296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5296 [ 4 ] CVE-2015-5299 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5299 [ 5 ] CVE-2015-5330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5330 [ 6 ] CVE-2015-7540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7540 [ 7 ] CVE-2015-8467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8467 [ 8 ] CVE-2016-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2110 [ 9 ] CVE-2016-2111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2111 [ 10 ] CVE-2016-2112 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2112 [ 11 ] CVE-2016-2113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2113 [ 12 ] CVE-2016-2114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2114 [ 13 ] CVE-2016-2115 http://nvd.nist.gov/nvd.cfm?cvena...

Read the Full Advisory

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201612-47
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: Samba: Multiple vulnerabilities
Date: December 24, 2016
Bugs: #568432, #578004
ID: 201612-47

Topics%20covered

Topics Covered

security advisory denial of service gentoo remote access arbitrary code execution samba normal severity

Synopsis

Multiple vulnerabilities have been found in Samba, the worst of which may allow execution of arbitrary code with root privileges.

Background

Samba is a suite of SMB and CIFS client/server programs.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-fs/samba < 4.2.11 >= 4.2.11

Impact

===== A remote attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service condition, conduct a man-in-the-middle attack, obtain sensitive information, or bypass file permissions.

Workaround

There is no known workaround at this time.

Related News

Your message here