Slackware: 2017-332-01 Critical: Samba Memory Leak Exploit
slackware
November 28, 2017
New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues
Summary
Here are the details from the Slackware 14.2 ChangeLog: patches/packages/samba-4.4.16-i586-2_slack14.2.txz: Rebuilt. This is a security update in order to patch the following defects: CVE-2017-14746 (Use-after-free vulnerability.) All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server. CVE-2017-15275 (Server heap memory information leak.) All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared. For more information, see: https://www.cve.org/CVERecord?id=CVE-2017-14746 https://www.cve.org/CVERecord?id=CVE-2017-15275 (* Security fix *)
Topics Covered
Where Find New Packages
Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:
MD5 Signatures
Slackware 14.0 package:
7425e85c12fbb6437972750ad82076f9 samba-4.4.16-i486-2_slack14.0.txz
Slackware x86_64 14.0 package:
3db6126ef7d2396674a084c8f4b40ea3 samba-4.4.16-x86_64-2_slack14.0.txz
Slackware 14.1 package:
b617e553d66d1c1c80e3453048a672aa samba-4.4.16-i486-2_slack14.1.txz
Slackware x86_64 14.1 package:
763f7ecd40588d020fbe8c04092e4a58 samba-4.4.16-x86_64-2_slack14.1.txz
Slackware 14.2 package:
8751de79b4a099637e4325a22855f7b2 samba-4.4.16-i586-2_slack14.2.txz
Slackware x86_64 14.2 package:
2bf34a7fde12b6eac358780b7bf14d9d samba-4.4.16-x86_64-2_slack14.2.txz
Slackware -current package:
6e3e2157dac69e0eeb8d8f51152804c2 n/samba-4.7.3-i586-1.txz
Slackware x86_64 -current package:
565ddcb96f06d703d5728170b162d4ea n/samba-4.7.3-x86_64-1.txz
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: Upgrade the package as root: # upgradepkg samba-4.4.16-i586-2_slack14.2.txz Then, if Samba is running restart it: # /etc/rc.d/rc.samba restart
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!