SUSE: 2012:0515-1 Critical: Samba Security Patch Release
suse
April 17, 2012
An update that contains security fixes can now be installed
Summary
The following issues have been fixed in Samba: * CVE-2012-1182: PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size * CVE-2012-0870: Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions * CVE-2012-0817: Fix memory leak in parent smbd on connection Also the following non-security bugs have been fixed: * s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). * Correctly handle DENY ACEs when privileges apply; (bso#8797). * s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). * Allow vfs_aio_pthread to build as a static module; (bso#8723). * s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527).
Topics Covered
References
#732395 #732572 #741854 #743986 #746825 #747934
#751454 #752797 #757080
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2012:0515-1
Rating: critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!