Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
172
security advisoryremote accessUbuntuUbuntu 16.04 LTS: USN-4030-1 Critical: Web2py Remote Access Risk
Several security issues were fixed in web2py.. =========================================================== =============Ubuntu Security Notice USN-4030-1 June 21, 2019 web2py vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in web2py. Software Description: - web2py: High-level Python web development framework Details: It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321) It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. (CVE-2016-3952) It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. (CVE-2016-3953, CVE-2016-3954, CVE-2016-3957) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: python-gluon 2.12.3-1ubuntu0.1 python-web2py 2.12.3-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4030-1 CVE-2016-10321, CVE-2016-3952, CVE-2016-3953, CVE-2016-3954, CVE-2016-3957 Package Information: https://launchpad.net/ubuntu/+source/web2py/2.12.3-1ubuntu0.1 . Multiple vulnerabilities addressed in web2py to mitigate brute-force and unauthorized access threats on Ubuntu platforms.. web2py vulnerabilities, Ubuntu security, web development risks. . Severity: Critical. LinuxSecurity.com Team
Jun 21, 2019
•Critical
Ubuntu
98
security advisoryaccess controlRed Hat Enterprise LinuxRed Hat: RHSA-2016-2594-02 Moderate: 389-ds-base Security Update
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: 389-ds-base security, bug fix, and enhancement update Advisory ID: RHSA-2016:2594-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:2594.html Issue date: 2016-11-03 CVE Names: CVE-2016-4992 CVE-2016-5405 CVE-2016-5416 ==================================================================== 1. Summary: An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. The following packages have been upgraded to a newer upstream version: 389-ds-base (1.3.5.10). (BZ#1270020) Security Fix(es): * It was found that 389 Directory Server was vulnerable to aflaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information. (CVE-2016-5416) * An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not. (CVE-2016-4992) * It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries. (CVE-2016-5405) The CVE-2016-5416 issue was discovered by Viktor Ashirov (Red Hat); the CVE-2016-4992 issue was discovered by Petr Spacek (Red Hat) and Martin Basti (Red Hat); and the CVE-2016-5405 issue was discovered by William Brown (Red Hat). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the 389 server service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 190862 - [RFE] Default password syntax settings don't work with fine-grained policies 1018944 - [RFE] Enhance password change tracking 1143066 - [RFE] The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid 1160902 - search, matching rules and filter error "unsupported type 0xA9" 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) 1209128 - [RFE] Add a utility to get the status of Directory Server instances 1210842 - Add PIDFile option to systemd service file 1223510 - nsslapd-maxbersize should be ignored in replication 1229799 - 389-ds-base: ldclt-bin killed by SIGSEGV 1249908 -No validation check for the value for nsslapd-db-locks. 1254887 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers1255557 - db2index creates index entry from deleted records 1257568 - /usr/lib64/dirsrv/libnunc-stans.so is owned by both -libs and -devel 1258610 - total update request must not be lost 1258611 - dna plugin needs to handle binddn groups for authorization 1259950 - Add config setting to MemberOf Plugin to add required objectclass got memberOf attribute 1266510 - Linked Attributes plug-in - wrong behaviour when adding valid and broken links 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation 1267750 - pagedresults - when timed out, search results could have been already freed. 1269378 - ds-logpipe.py with wrong arguments - python exception in the output 1270020 - Rebase 389-ds-base to 1.3.5 in RHEL-7.3 1271330 - nunc-stans: Attempt to release connection that is not acquired 1273142 - crash in Managed Entry plugin 1273549 - [RFE] Improve timestamp resolution in logs 1273550 - Deadlock between two MODs on the same entry between entry cache and backend lock 1273555 - deadlock in mep delete post op 1275763 - [RFE] add setup-ds.pl option to disable instance specific scripts 1278567 - SimplePagedResults -- abandon could happen between the abandon check and sending results 1278584 - Share nsslapd-threadnumber in the case nunc-stans is enabled, as well. 1278755 - deadlock on connection mutex 1278987 - Cannot upgrade a consumer to supplier in a multimaster environment 1280123 - acl - regression - trailing ', (comma)' in macro matched value is not removed. 1280456 - setup-ds should detect if port is already defined 1288229 - many attrlist_replace errors in connection with cleanallruv 1290101 - proxyauth support does not work when bound as directory manager 1290111 - [RFE] Support for rfc3673 '+' to return operational attributes 1290141 - With exhausted range, part of DNA shared configuration is deleted after server restart 1290242 -SimplePagedResults -- in the search error case, simple paged results slot was not released. 1290600 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same ldapmodify operation 1296310 - ldclt - segmentation fault error while binding 1301097 - logconv.pl displays negative operation speeds 1302823 - Crash in slapi_get_object_extension 1303641 - heap corruption at schema replication. 1303794 - Import readNSState.py from RichM's repo 1304682 - "stale" automember rule (associated to a removed group) causes discrepancies in the database 1307151 - keep alive entries can break replication 1310848 - Supplier can skip a failing update, although it should retry. 1312557 - dirsrv service fails to start when nsslapd-listenhost is configured 1314557 - change severity of some messages related to "keep alive" entries 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" 1315893 - License tag does not match actual license of code 1316328 - search returns no entry when OR filter component contains non readable attribute 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing 1316731 - syncrepl search returning error 329; plugin sending a bad error code 1316741 - ldctl should support -H with ldap uris 1316742 - no plugin calls in tombstone purging 1319329 - add nsslapd-auditlog-logging-enabled: off to template-dse.ldif 1320295 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged. 1320715 - DES to AES password conversion fails if a backend is empty 1321124 - Replication changelog can incorrectly skip over updates 1326077 - Page result search should return empty cookie if there is no returned entry 1326520 - db2index uses a buffer size derived from dbcachesize 1328936 - objectclass values could be dropped on the consumer 1329061 - 389-ds-base-1.3.4.0-29.el7_2 "hang" 1331343 - Paged results search returns the blank list of entries 1332533 - ns-accountstatus.pl gives errormessage on execution along with results. 1332709 - password history is not updated when an admin resets the password 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. 1333515 - Enable DS to offer weaker DH params in NSS 1334455 - db2ldif is not taking into account multiple suffixes or backends 1335492 - Modifier's name is not recorded in the audit log with modrdn and moddn operations 1335618 - Server ram sanity checks work in isolation 1338872 - Wrong result code display in audit-failure log 1340307 - Running db2index with no options breaks replication 1342609 - At startup DES to AES password conversion causes timeout in start script 1344414 - [RFE] adding pre/post extop ability 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation 1349540 - CVE-2016-5416 389-ds-base: ACI readable by anonymous user 1349571 - Improve MMR replication convergence 1349577 - Values of dbcachetries/dbcachehits in cn=monitor could overflow. 1350632 - ns-slapd shutdown crashes if pwdstorageschema name is from stack. 1353592 - Setup-ds.pl --update fails 1353629 - DS shuts down automatically if dnaThreshold is set to 0 in a MMR setup 1353714 - If a cipher is disabled, do not attempt to look it up 1354374 - Upgrade to 389-ds-base > = 1.3.5.5 doesn't install 389-ds-base-snmp 1354660 - flow control in replication also blocks receiving results 1355879 - nunc-stans: ns-slapd crashes during startup with SIGILL on AMD Opteron 280 1356261 - Fixup tombstone task needs to set proper flag when updating tombstones 1358865 - CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack 1360327 - remove-ds.pl deletes an instance even if wrong prefix was specified 1360447 - nsslapd-workingdir is empty when ns-slapd is started by systemd 1361134 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password 1361321 - Duplicate collation entries 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc 1368520 - Crash inimport_wait_for_space_in_fifo(). 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option 1369537 - passwordMinAge attribute doesn't limit the minimum age of the password 1369570 - cleanallruv changelog cleaning incorrectly impacts all backends 1370300 - set proper update status to replication agreement in case of failure 1371283 - Server Side Sorting crashes the server. 1371284 - Disabling CLEAR password storage scheme will crash server when setting a password 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: 389-ds-base-1.3.5.10-11.el7.src.rpm x86_64: 389-ds-base-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-debuginfo-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-devel-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-libs-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-snmp-1.3.5.10-11.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: 389-ds-base-1.3.5.10-11.el7.src.rpm x86_64: 389-ds-base-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-debuginfo-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-devel-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-libs-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-snmp-1.3.5.10-11.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: 389-ds-base-1.3.5.10-11.el7.src.rpm aarch64: 389-ds-base-1.3.5.10-11.el7.aarch64.rpm 389-ds-base-debuginfo-1.3.5.10-11.el7.aarch64.rpm 389-ds-base-libs-1.3.5.10-11.el7.aarch64.rpm ppc64le: 389-ds-base-1.3.5.10-11.el7.ppc64le.rpm 389-ds-base-debuginfo-1.3.5.10-11.el7.ppc64le.rpm 389-ds-base-libs-1.3.5.10-11.el7.ppc64le.rpm x86_64: 389-ds-base-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-debuginfo-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-libs-1.3.5.10-11.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): aarch64: 389-ds-base-debuginfo-1.3.5.10-11.el7.aarch64.rpm 389-ds-base-devel-1.3.5.10-11.el7.aarch64.rpm 389-ds-base-snmp-1.3.5.10-11.el7.aarch64.rpm ppc64le: 389-ds-base-debuginfo-1.3.5.10-11.el7.ppc64le.rpm 389-ds-base-devel-1.3.5.10-11.el7.ppc64le.rpm 389-ds-base-snmp-1.3.5.10-11.el7.ppc64le.rpm x86_64: 389-ds-base-debuginfo-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-devel-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-snmp-1.3.5.10-11.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: 389-ds-base-1.3.5.10-11.el7.src.rpm x86_64: 389-ds-base-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-debuginfo-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-libs-1.3.5.10-11.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: 389-ds-base-debuginfo-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-devel-1.3.5.10-11.el7.x86_64.rpm 389-ds-base-snmp-1.3.5.10-11.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2016-4992 https://access.redhat.com/security/cve/CVE-2016-5405 https://access.redhat.com/security/cve/CVE-2016-5416 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYGvy7XlSAg2UNWIIRAkpgAJ46Jzb0AJbiVWlv0EH6YPUEWY+K9ACgucKZ kqpJJ4JPlQdxdNHxSMdXq8Y=6O9X -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Nov 03, 2016
Red Hat
98
security advisorymoderatesecurity updateRed Hat Enterprise Linux 6 RHSA-2014:0383-01 Moderate: Samba4 Security Fix
Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: samba4 security update Advisory ID: RHSA-2014:0383-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:0383.html Issue date: 2014-04-09 CVE Names: CVE-2012-6150 CVE-2013-4496 CVE-2013-6442 ==================================================================== 1. Summary: Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba's "smbcacls" command, which is used to set or get ACLs on SMB file shares. Certain command line options of this command would incorrectly remove an ACL previously appliedon a file or a directory, leaving the file or directory without the intended ACL. (CVE-2013-6442) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and CVE-2013-6442, and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496, and Noel Power as the original reporter of CVE-2013-6442. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1036897 - CVE-2012-6150 samba: pam_winbind fails open when non-existent group specified to require_membership_of 1044099 - CVE-2013-6442 samba: smbcacls will delete ACL lists in certain circumstances 1072792 - CVE-2013-4496 samba: Password lockout not enforced for SAMR password changes 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: i386: samba4-4.0.0-61.el6_5.rc4.i686.rpm samba4-client-4.0.0-61.el6_5.rc4.i686.rpm samba4-common-4.0.0-61.el6_5.rc4.i686.rpm samba4-dc-4.0.0-61.el6_5.rc4.i686.rpm samba4-dc-libs-4.0.0-61.el6_5.rc4.i686.rpm samba4-debuginfo-4.0.0-61.el6_5.rc4.i686.rpm samba4-devel-4.0.0-61.el6_5.rc4.i686.rpm samba4-libs-4.0.0-61.el6_5.rc4.i686.rpm samba4-pidl-4.0.0-61.el6_5.rc4.i686.rpm samba4-python-4.0.0-61.el6_5.rc4.i686.rpm samba4-swat-4.0.0-61.el6_5.rc4.i686.rpm samba4-test-4.0.0-61.el6_5.rc4.i686.rpm samba4-winbind-4.0.0-61.el6_5.rc4.i686.rpm samba4-winbind-clients-4.0.0-61.el6_5.rc4.i686.rpm samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4.i686.rpm x86_64: samba4-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-client-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-common-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-dc-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-dc-libs-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-debuginfo-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-devel-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-libs-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-pidl-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-python-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-swat-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-test-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: x86_64: samba4-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-client-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-common-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-dc-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-dc-libs-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-debuginfo-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-devel-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-libs-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-pidl-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-python-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-swat-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-test-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: samba4-4.0.0-61.el6_5.rc4.i686.rpm samba4-client-4.0.0-61.el6_5.rc4.i686.rpm samba4-common-4.0.0-61.el6_5.rc4.i686.rpm samba4-dc-4.0.0-61.el6_5.rc4.i686.rpm samba4-dc-libs-4.0.0-61.el6_5.rc4.i686.rpm samba4-debuginfo-4.0.0-61.el6_5.rc4.i686.rpm samba4-devel-4.0.0-61.el6_5.rc4.i686.rpm samba4-libs-4.0.0-61.el6_5.rc4.i686.rpm samba4-pidl-4.0.0-61.el6_5.rc4.i686.rpm samba4-python-4.0.0-61.el6_5.rc4.i686.rpm samba4-swat-4.0.0-61.el6_5.rc4.i686.rpm samba4-test-4.0.0-61.el6_5.rc4.i686.rpm samba4-winbind-4.0.0-61.el6_5.rc4.i686.rpm samba4-winbind-clients-4.0.0-61.el6_5.rc4.i686.rpm samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4.i686.rpm ppc64: samba4-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-client-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-common-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-dc-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-dc-libs-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-debuginfo-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-devel-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-libs-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-pidl-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-python-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-swat-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-test-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-winbind-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-winbind-clients-4.0.0-61.el6_5.rc4.ppc64.rpm samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4.ppc64.rpm s390x: samba4-4.0.0-61.el6_5.rc4.s390x.rpm samba4-client-4.0.0-61.el6_5.rc4.s390x.rpm samba4-common-4.0.0-61.el6_5.rc4.s390x.rpm samba4-dc-4.0.0-61.el6_5.rc4.s390x.rpm samba4-dc-libs-4.0.0-61.el6_5.rc4.s390x.rpm samba4-debuginfo-4.0.0-61.el6_5.rc4.s390x.rpm samba4-devel-4.0.0-61.el6_5.rc4.s390x.rpm samba4-libs-4.0.0-61.el6_5.rc4.s390x.rpm samba4-pidl-4.0.0-61.el6_5.rc4.s390x.rpm samba4-python-4.0.0-61.el6_5.rc4.s390x.rpm samba4-swat-4.0.0-61.el6_5.rc4.s390x.rpm samba4-test-4.0.0-61.el6_5.rc4.s390x.rpm samba4-winbind-4.0.0-61.el6_5.rc4.s390x.rpm samba4-winbind-clients-4.0.0-61.el6_5.rc4.s390x.rpm samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4.s390x.rpm x86_64: samba4-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-client-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-common-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-dc-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-dc-libs-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-debuginfo-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-devel-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-libs-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-pidl-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-python-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-swat-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-test-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: samba4-4.0.0-61.el6_5.rc4.i686.rpm samba4-client-4.0.0-61.el6_5.rc4.i686.rpm samba4-common-4.0.0-61.el6_5.rc4.i686.rpm samba4-dc-4.0.0-61.el6_5.rc4.i686.rpm samba4-dc-libs-4.0.0-61.el6_5.rc4.i686.rpm samba4-debuginfo-4.0.0-61.el6_5.rc4.i686.rpm samba4-devel-4.0.0-61.el6_5.rc4.i686.rpm samba4-libs-4.0.0-61.el6_5.rc4.i686.rpm samba4-pidl-4.0.0-61.el6_5.rc4.i686.rpm samba4-python-4.0.0-61.el6_5.rc4.i686.rpm samba4-swat-4.0.0-61.el6_5.rc4.i686.rpm samba4-test-4.0.0-61.el6_5.rc4.i686.rpm samba4-winbind-4.0.0-61.el6_5.rc4.i686.rpm samba4-winbind-clients-4.0.0-61.el6_5.rc4.i686.rpm samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4.i686.rpm x86_64: samba4-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-client-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-common-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-dc-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-dc-libs-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-debuginfo-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-devel-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-libs-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-pidl-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-python-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-swat-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-test-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-61.el6_5.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4.x86_64.rpm These packages are GPG signed by Red Hat for security. Ourkey and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2012-6150 https://access.redhat.com/security/cve/CVE-2013-4496 https://access.redhat.com/security/cve/CVE-2013-6442 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. . Red Hat's advisory on Samba4 points out major security vulnerabilities. Upgrading is advised to safeguard against password compromise and ACL issues. Red Hat, Samba4, Security Update, Moderate Impact, ACL Flaw. . LinuxSecurity.com Team
Apr 09, 2014
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!