samba: Multiple vulnerabilities (CVE-2017-12150, CVE-2017-12151, CVE-2017-12163)
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should
Affected versions:
samba 3.0.25 to 4.6.7
Fixed in:
samba 4.6.8, 4.5.14 and 4.4.16
References:
https://www.samba.org/samba/security/CVE-2017-12150.html
https://www.samba.org/samba/history/security.html
CVE-2017-12151: SMB3 connections don’t keep encryption across DFS redirects
Affected versions:
samba 4.1.0 to 4.6.7
Fixed in:
samba 4.6.8, 4.5.14 and 4.4.16
References:
https://www.samba.org/samba/security/CVE-2017-12151.html
https://www.samba.org/samba/history/security.html
CVE-2017-12163: Server memory information leak over SMB1
Affected versions:
All versions of samba
Fixed in:
samba 4.6.8, 4.5.14 and 4.4.16
References:
https://www.samba.org/samba/security/CVE-2017-12163.html
https://www.samba.org/samba/history/security.html
(from redmine: issue id 7890, created on 2017-09-25, closed on 2017-10-25)
- Relations:
  - child #7891 (closed)
  - child #7892 (closed)
  - child #7893 (closed)
  - child #7894 (closed)
  - child #7895 (closed)