MDKSA-2004:092 - Updated samba packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: samba
Advisory ID: MDKSA-2004:092
Date: September 13th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
Two vulnerabilities were discovered in samba 3.0.x; the first is a
defect in smbd's ASN.1 parsing that allows an attacker to send a
specially crafted packet during the authentication request which will
send the newly spawned smbd process into an infinite loop. As a
result, it is possible to use up all available memory on the
server.
The second vulnerability is in nmbd's processing of mailslot packets
which could allow an attacker to anonymously crash nmbd.
The provided packages are patched to protect against these two
vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
fbc2d7127436e5eb85c5acb74cdcf700 10.0/RPMS/libsmbclient0-3.0.6-4.1.100mdk.i586.rpm
c3840923c0a3a3f7879aad67d71b83ca 10.0/RPMS/libsmbclient0-devel-3.0.6-4.1.100mdk.i586.rpm
a32ffab67469831aa0a41bff1bfb6e0f 10.0/RPMS/libsmbclient0-static-devel-3.0.6-4.1.100mdk.i586.rpm
26f21d06aef89a024ab23e223ebd352e 10.0/RPMS/nss_wins-3.0.6-4.1.100mdk.i586.rpm
d1bfd3bb611b18b29234225b447f578d 10.0/RPMS/samba-client-3.0.6-4.1.100mdk.i586.rpm
455d513867cdc3a48e6daff86a9baaa8 10.0/RPMS/samba-common-3.0.6-4.1.100mdk.i586.rpm
124c7ef7605291f582a0936215e93547 10.0/RPMS/samba-doc-3.0.6-4.1.100mdk.i586.rpm
5b6cff62c630e3ef422e8d7a2689e9dc 10.0/RPMS/samba-passdb-mysql-3.0.6-4.1.100mdk.i586.rpm
00007bffe9e8b1cb31b775f4c858a4fe 10.0/RPMS/samba-passdb-pgsql-3.0.6-4.1.100mdk.i586.rpm
7ae2ff0b3081750ded1b337465852119 10.0/RPMS/samba-passdb-xml-3.0.6-4.1.100mdk.i586.rpm
389df2d926ab7a648fafa6081f28c705 10.0/RPMS/samba-server-3.0.6-4.1.100mdk.i586.rpm
fda3ee680a6bca3e06ff489aef330e8c 10.0/RPMS/samba-swat-3.0.6-4.1.100mdk.i586.rpm
2516390f97800e4f75cab77f69125f4c 10.0/RPMS/samba-winbind-3.0.6-4.1.100mdk.i586.rpm
00ea72438a3e6b155cc48ec0bef06f32 10.0/SRPMS/samba-3.0.6-4.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
6481a03c530b0d614fee4f635b4760e7 amd64/10.0/RPMS/lib64smbclient0-3.0.6-4.1.100mdk.amd64.rpm
1181a4a476c635ae512d93b4f5e425d4 amd64/10.0/RPMS/lib64smbclient0-devel-3.0.6-4.1.100mdk.amd64.rpm
1fdf2bbb3b46365f18ac9980dffe57c2 amd64/10.0/RPMS/lib64smbclient0-static-devel-3.0.6-4.1.100mdk.amd64.rpm
5c8b314e50486731cdfa8d57be32c6ea amd64/10.0/RPMS/nss_wins-3.0.6-4.1.100mdk.amd64.rpm
31673408cf94a8c01844feaa50ccbe13 amd64/10.0/RPMS/samba-client-3.0.6-4.1.100mdk.amd64.rpm
0e68f033a5abdaf69c2a7eead07d235f amd64/10.0/RPMS/samba-common-3.0.6-4.1.100mdk.amd64.rpm
b806d5a0f505163a8edc510cd3929c0b amd64/10.0/RPMS/samba-doc-3.0.6-4.1.100mdk.amd64.rpm
60539a9d937e55630f3dc1a1de0d688a amd64/10.0/RPMS/samba-passdb-mysql-3.0.6-4.1.100mdk.amd64.rpm
5c1f865f300b3b161ebabf6804c15f65 amd64/10.0/RPMS/samba-passdb-pgsql-3.0.6-4.1.100mdk.amd64.rpm
426c446dfd68b7e778117dd711593e99 amd64/10.0/RPMS/samba-passdb-xml-3.0.6-4.1.100mdk.amd64.rpm
feabeb6e85e9635f83f3d9e74afbad4f amd64/10.0/RPMS/samba-server-3.0.6-4.1.100mdk.amd64.rpm
13b6f3dee538846ec248bad245ada10b amd64/10.0/RPMS/samba-swat-3.0.6-4.1.100mdk.amd64.rpm
685de7594b2ab92323fa0dc14f9bb34b amd64/10.0/RPMS/samba-winbind-3.0.6-4.1.100mdk.amd64.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBRhPdmqjQ0CJFipgRAtdUAJ9G/zOcOAVYiIsf8UROb0ZpAhFkWgCeLf0v
/fMCdqRXRtY0bdiWXo4hhz4=
=2V/A
-----END PGP SIGNATURE-----