Univention Bugzilla – Bug 40221
Samba: Multiple issues (4.1)
Last modified: 2016-10-05 12:46:46 CEST
Multiple security issues have been found in Samba:

CVE-2015-7540: Bogus LDAP request cause samba to use all the memory and be OOM-killed
CVE-2015-3223: LDAP \00 search expression attack DoS in Samba 4.x
CVE-2015-5252: Insufficient symlink verification (file access outside the share)
CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2)
CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side
CVE-2015-8467: Microsoft MS15-096 / CVE-2015-2535 needs matching fix in Samba
CVE-2015-5330: Remote read memory exploit in LDB
The ldb package needs to be updated to version 1.1.24 too.
Samba 4.3.3 has been imported and built in errata4.1-0. The packages tdb, talloc, tevent and ldb have been updated too. Update (amd64) and basic replication & Kerberos test successful. Preliminary advisories have been checked in. CVEs will be added later.
OK - installation/update
OK - ucs-test samba4
OK - shares access, windows client join/login, s4search
OK - ldb.yaml
OK - samba.yaml
OK - talloc.yaml
OK - tdb.yaml
OK - tevent.yaml
<http://errata.software-univention.de/ucs/4.1/30.html>
<http://errata.software-univention.de/ucs/4.1/31.html>
<http://errata.software-univention.de/ucs/4.1/32.html>
<http://errata.software-univention.de/ucs/4.1/33.html>
<http://errata.software-univention.de/ucs/4.1/35.html>
<http://errata.software-univention.de/ucs/4.1/36.html>