Univention Bugzilla – Bug 37731
samba: Security issue (3.2)
Last modified: 2015-02-23 16:36:35 CET
CVE-2015-0240 A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
Created attachment 6699 YAML
An updated package has been built. The YAML is attached (it cannot be committed until the embargo has passed). ucs-test-samba* was successful.
Now public: https://www.samba.org/samba/security/CVE-2015-0240
Verified:
* Package has been rebuilt with upstream patch
* Installation, join, kinit+smb and ucs-test, win7 client join, ddns update, user login, password change (amd64)
* Advisory
<http://errata.univention.de/ucs/3.2/291.html>