Univention Bugzilla – Bug 37735
samba: Security issue (4.0)
Last modified: 2015-02-24 08:22:29 CET
CVE-2015-0240: A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
New release date: Monday, February 23.
An updated package has been built. Tests went fine. The existing 2015-02-16-samba.yaml will be adapted upon embargo time.
Created attachment 6710: YAML file
Now public: https://www.samba.org/samba/security/CVE-2015-0240
Verified:
* Package has been rebuilt with upstream patch
* Installation, join, kinit+smb and ucs-test (amd64)
* Advisory
http://errata.univention.de/ucs/4.0/86.html