GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Feb 25, 2015 11:26 pm Post subject: [ GLSA 201502-15 ] Samba |
|
|
Gentoo Linux Security Advisory
Title: Samba: Multiple vulnerabilities (GLSA 201502-15)
Severity: high
Exploitable: local, remote
Date: February 25, 2015
Bug(s): #479868, #491070, #493664, #504494, #511764, #514676, #541182
ID: 201502-15
Synopsis
Multiple vulnerabilities have been found in Samba, the worst of
which allowing a context-dependent attacker to bypass intended file
restrictions, cause a Denial of Service or execute arbitrary code.
Background
Samba is a suite of SMB and CIFS client/server programs.
Affected Packages
Package: net-fs/samba
Vulnerable: < 3.6.25
Unaffected: >= 3.6.25
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details.
Impact
A context-dependent attacker may be able to execute arbitrary code,
cause a Denial of Service condition, bypass intended file restrictions,
or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Samba users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-3.6.25"
|
References
CVE-2012-6150
CVE-2013-4124
CVE-2013-4408
CVE-2013-4475
CVE-2013-4476
CVE-2013-4496
CVE-2014-0178
CVE-2014-0239
CVE-2014-0244
CVE-2014-3493
CVE-2015-0240
Last edited by GLSA on Thu Jun 18, 2015 4:17 am; edited 1 time in total |
|