-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  samba (SSA:2017-144-01)

New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/samba-4.4.14-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a remote code execution vulnerability, allowing a
  malicious client to upload a shared library to a writable share, and
  then cause the server to load and execute it.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2017-7494.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/samba-3.5.22-i486-2_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/samba-3.5.22-x86_64-2_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/samba-3.5.22-i486-2_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/samba-3.5.22-x86_64-2_slack13.37.txz

Updated package for Slackware 14.0:

Updated package for Slackware x86_64 14.0:

Updated package for Slackware 14.1:

Updated package for Slackware x86_64 14.1:

Updated package for Slackware 14.2:

Updated package for Slackware x86_64 14.2:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 13.1 package:
fbf0d50ebce5e496934ec71e2a469630  samba-3.5.22-i486-2_slack13.1.txz

Slackware x86_64 13.1 package:
26b98c39663aa6bc19341405a462cd5f  samba-3.5.22-x86_64-2_slack13.1.txz

Slackware 13.37 package:
4fd566e8db519817cef6c0dd00b3f3c8  samba-3.5.22-i486-2_slack13.37.txz

Slackware x86_64 13.37 package:
51f6b1c81394f55fc81bb1ae77814deb  samba-3.5.22-x86_64-2_slack13.37.txz

Slackware 14.0 package:
527dfcc8594234c66c6993abb4eaa51c  samba-4.4.14-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
208596f558cb9779c9dbcaf952f87f84  samba-4.4.14-x86_64-1_slack14.0.txz

Slackware 14.1 package:
65f28566c666b4b5f3e33d67372525ef  samba-4.4.14-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
ddfa90d4c72cb065b52a150aa898043d  samba-4.4.14-x86_64-1_slack14.1.txz

Slackware 14.2 package:
b533e541453620b47b2ce769aa73e0e2  samba-4.4.14-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
a61aef22c3ea498bdbb8caba0ec8ff85  samba-4.4.14-x86_64-1_slack14.2.txz

Slackware -current package:
8e4bce86a15b0b6bb85b0b6894d8c587  n/samba-4.6.4-i586-1.txz

Slackware x86_64 -current package:
691f1e10acad26dbb0ddd268ed5415d0  n/samba-4.6.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg samba-4.4.14-i586-1_slack14.2.txz

Then, if Samba is running restart it:

# /etc/rc.d/rc.samba restart


+-----+

Slackware: 2017-144-01: samba Security Update

May 24, 2017
New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/samba-4.4.14-i586-1_slack14.2.txz: Upgraded. This update fixes a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. For more information, see: https://www.samba.org/samba/security/CVE-2017-7494.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/samba-3.5.22-i486-2_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/samba-3.5.22-x86_64-2_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/samba-3.5.22-i486-2_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/samba-3.5.22-x86_64-2_slack13.37.txz
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 13.1 package: fbf0d50ebce5e496934ec71e2a469630 samba-3.5.22-i486-2_slack13.1.txz
Slackware x86_64 13.1 package: 26b98c39663aa6bc19341405a462cd5f samba-3.5.22-x86_64-2_slack13.1.txz
Slackware 13.37 package: 4fd566e8db519817cef6c0dd00b3f3c8 samba-3.5.22-i486-2_slack13.37.txz
Slackware x86_64 13.37 package: 51f6b1c81394f55fc81bb1ae77814deb samba-3.5.22-x86_64-2_slack13.37.txz
Slackware 14.0 package: 527dfcc8594234c66c6993abb4eaa51c samba-4.4.14-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 208596f558cb9779c9dbcaf952f87f84 samba-4.4.14-x86_64-1_slack14.0.txz
Slackware 14.1 package: 65f28566c666b4b5f3e33d67372525ef samba-4.4.14-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: ddfa90d4c72cb065b52a150aa898043d samba-4.4.14-x86_64-1_slack14.1.txz
Slackware 14.2 package: b533e541453620b47b2ce769aa73e0e2 samba-4.4.14-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: a61aef22c3ea498bdbb8caba0ec8ff85 samba-4.4.14-x86_64-1_slack14.2.txz
Slackware -current package: 8e4bce86a15b0b6bb85b0b6894d8c587 n/samba-4.6.4-i586-1.txz
Slackware x86_64 -current package: 691f1e10acad26dbb0ddd268ed5415d0 n/samba-4.6.4-x86_64-1.txz

Severity
[slackware-security] samba (SSA:2017-144-01)
New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg samba-4.4.14-i586-1_slack14.2.txz Then, if Samba is running restart it: # /etc/rc.d/rc.samba restart

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved