Bug 37735 - samba: Security issue (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.0-1-errata
Assigned To: Moritz Muehlenhoff
QA Contact: Arvid Requate
Reported: 2015-02-09 14:43 CET by Moritz Muehlenhoff
Modified: 2015-02-24 08:22 CET

Attachments
YAML file (400 bytes, application/x-yaml)
2015-02-23 11:57 CET, Moritz Muehlenhoff

Description Moritz Muehlenhoff univentionstaff 2015-02-09 14:43:06 CET

    
Comment 1 Moritz Muehlenhoff univentionstaff 2015-02-09 14:43:15 CET
CVE-2015-0240

A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.
Comment 2 Arvid Requate univentionstaff 2015-02-12 19:43:13 CET
New release date: Monday, February 23.
Comment 3 Moritz Muehlenhoff univentionstaff 2015-02-19 12:24:56 CET
An updated package has been built. Tests went fine. The existing 2015-02-16-samba.yaml will be adapted upon embargo time.
Comment 4 Moritz Muehlenhoff univentionstaff 2015-02-23 11:57:32 CET
Created attachment 6710
YAML file
Comment 5 Moritz Muehlenhoff univentionstaff 2015-02-23 12:43:05 CET
Now public:
https://www.samba.org/samba/security/CVE-2015-0240
Comment 6 Arvid Requate univentionstaff 2015-02-23 15:20:34 CET
Verified:
* Package has been rebuilt with upstream patch
* Installation, join, kinit+smb and ucs-test (amd64)
* Advisory
Comment 7 Moritz Muehlenhoff univentionstaff 2015-02-24 08:22:29 CET
http://errata.univention.de/ucs/4.0/86.html