Project

General

Profile

Bug #7891

Bug #7890: samba: Multiple vulnerabilities (CVE-2017-12150, CVE-2017-12151, CVE-2017-12163)

[3.7] samba: Multiple vulnerabilities (CVE-2017-12150, CVE-2017-12151, CVE-2017-12163)

Added by Alicha CH about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
09/25/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2017-12150: SMB1/2/3 connections may not require signing where they should

Affected versions:

samba 3.0.25 to 4.6.7

Fixed in:

samba 4.6.8, 4.5.14 and 4.4.16

References:

https://www.samba.org/samba/security/CVE-2017-12150.html
https://www.samba.org/samba/history/security.html

CVE-2017-12151: SMB3 connections don't keep encryption across DFS redirects

Affected versions:

samba 4.1.0 to 4.6.7

Fixed in:

samba 4.6.8, 4.5.14 and 4.4.16

References:

https://www.samba.org/samba/security/CVE-2017-12151.html
https://www.samba.org/samba/history/security.html

CVE-2017-12163: Server memory information leak over SMB1

Affected versions:

All versions of samba

Fixed in:

samba 4.6.8, 4.5.14 and 4.4.16

References:

https://www.samba.org/samba/security/CVE-2017-12163.html
https://www.samba.org/samba/history/security.html

Associated revisions

Revision 427ff642 (diff)
Added by Leonardo Arena about 1 year ago

main/samba: security upgrade to 4.7.0

(CVE-2017-12150, CVE-2017-12151, CVE-2017-12163)

fixes #7891

History

#1 Updated by Leonardo Arena about 1 year ago

Checking for system pyldb-util (>=1.1.29 <=1.1.99 =1.1.31) : not found
ERROR: System library pyldb-util of version 1.1.29 not found, and bundling disabled

Currently we have py-ldb-1.1.31

#2 Updated by Anonymous about 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH about 1 year ago

  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF