<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2007:034 ] - Updated samba packages address multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:034
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : samba
 Date    : February 5, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A logic error in the deferred open code for smbd may allow an
 authenticated user to exhaust resources such as memory and CPU on the
 server by opening multiple CIFS sessions, each of which will normally
 spawn a new smbd process, and sending each connection into an infinite
 loop. (CVE-2007-0452)

 The name of a file on the server's share is used as the format string
 when setting an NT security descriptor through the afsacl.so VFS
 plugin. (CVE-2007-0454)

 Updated packages have been patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 1b530594d9d6bf0a0a4b974d9c61fb94  
2006.0/i586/libsmbclient0-3.0.20-3.2.20060mdk.i586.rpm
 12a3694d0ecfe2c7327393e88da54806  
2006.0/i586/libsmbclient0-devel-3.0.20-3.2.20060mdk.i586.rpm
 9847f27829d38428d9e7b8b14f97de49  
2006.0/i586/libsmbclient0-static-devel-3.0.20-3.2.20060mdk.i586.rpm
 31fa2a33fbd83b5db9d04210104e7360  
2006.0/i586/mount-cifs-3.0.20-3.2.20060mdk.i586.rpm
 8463d92295c0834802f9548fe4942a9b  
2006.0/i586/nss_wins-3.0.20-3.2.20060mdk.i586.rpm
 efbce43af5682f5ac8b09c21bb44dd1b  
2006.0/i586/samba-client-3.0.20-3.2.20060mdk.i586.rpm
 1b4216e9f7cb33ff0d83f6f6154932cb  
2006.0/i586/samba-common-3.0.20-3.2.20060mdk.i586.rpm
 76659405c7b4ac3d2bf9aba245637d64  
2006.0/i586/samba-doc-3.0.20-3.2.20060mdk.i586.rpm
 968284cf40359ff00ad3011fb2eb9746  
2006.0/i586/samba-passdb-mysql-3.0.20-3.2.20060mdk.i586.rpm
 22b8c6f6df2e334689fb075ce50249f7  
2006.0/i586/samba-passdb-pgsql-3.0.20-3.2.20060mdk.i586.rpm
 bf5433f0ebfa4316ed12344f29d65bb2  
2006.0/i586/samba-passdb-xml-3.0.20-3.2.20060mdk.i586.rpm
 d1c79404fafd39db117e3f03852d8f98  
2006.0/i586/samba-server-3.0.20-3.2.20060mdk.i586.rpm
 f8e0c598ebee64f19e22758f73eeaede  
2006.0/i586/samba-smbldap-tools-3.0.20-3.2.20060mdk.i586.rpm
 5a1f9acb75709a958a87de121ffee236  
2006.0/i586/samba-swat-3.0.20-3.2.20060mdk.i586.rpm
 e9b0e4aa373e3d37c520447366f56710  
2006.0/i586/samba-vscan-clamav-3.0.20-3.2.20060mdk.i586.rpm
 1edc664ebced1683a7a62eb7d60bc341  
2006.0/i586/samba-vscan-icap-3.0.20-3.2.20060mdk.i586.rpm
 1c74716b5b8d2605f2c497720831d180  
2006.0/i586/samba-winbind-3.0.20-3.2.20060mdk.i586.rpm 
 c35b130dac78cd9f892351a670d903a4  
2006.0/SRPMS/samba-3.0.20-3.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 d0303faed0767e3874b138662049ae88  
2006.0/x86_64/lib64smbclient0-3.0.20-3.2.20060mdk.x86_64.rpm
 05cbbaa507003fbed1f789fd92539350  
2006.0/x86_64/lib64smbclient0-devel-3.0.20-3.2.20060mdk.x86_64.rpm
 a65750a7b2485c3fa00d2286d299b0ba  
2006.0/x86_64/lib64smbclient0-static-devel-3.0.20-3.2.20060mdk.x86_64.rpm
 663b53e302dc2db8015b8206e79e4a28  
2006.0/x86_64/mount-cifs-3.0.20-3.2.20060mdk.x86_64.rpm
 da521e66365c906bf8dbaf1a311fffde  
2006.0/x86_64/nss_wins-3.0.20-3.2.20060mdk.x86_64.rpm
 b87484e5a5dff12619b4ac148adb9dc8  
2006.0/x86_64/samba-client-3.0.20-3.2.20060mdk.x86_64.rpm
 6bc67acab757d473aafdd75f4bfe89da  
2006.0/x86_64/samba-common-3.0.20-3.2.20060mdk.x86_64.rpm
 9ff68bbba6e53f65850910fd90002a02  
2006.0/x86_64/samba-doc-3.0.20-3.2.20060mdk.x86_64.rpm
 fb0ebdc18bb7a8dbf975847b83c67351  
2006.0/x86_64/samba-passdb-mysql-3.0.20-3.2.20060mdk.x86_64.rpm
 d936bd945847eee84cff46bb06bafde7  
2006.0/x86_64/samba-passdb-pgsql-3.0.20-3.2.20060mdk.x86_64.rpm
 168d8d337225b41db957b4331324d7d5  
2006.0/x86_64/samba-passdb-xml-3.0.20-3.2.20060mdk.x86_64.rpm
 03de0ab9fa0c7441cf0e232bc5af5f4b  
2006.0/x86_64/samba-server-3.0.20-3.2.20060mdk.x86_64.rpm
 94147f52697abed4711b56004bae7488  
2006.0/x86_64/samba-smbldap-tools-3.0.20-3.2.20060mdk.x86_64.rpm
 caf8a9f3f9345ce6d736332201bd89dd  
2006.0/x86_64/samba-swat-3.0.20-3.2.20060mdk.x86_64.rpm
 a1b625278ce98c6f9d156b98e0164768  
2006.0/x86_64/samba-vscan-clamav-3.0.20-3.2.20060mdk.x86_64.rpm
 070d34b18cd6fb5ff0728b7ae313fb38  
2006.0/x86_64/samba-vscan-icap-3.0.20-3.2.20060mdk.x86_64.rpm
 3a6c127079aa9a99aa5d6672d47876af  
2006.0/x86_64/samba-winbind-3.0.20-3.2.20060mdk.x86_64.rpm 
 c35b130dac78cd9f892351a670d903a4  
2006.0/SRPMS/samba-3.0.20-3.2.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 49698f756c0e8d91276578a62f4ba093  
2007.0/i586/libsmbclient0-3.0.23d-2.1mdv2007.0.i586.rpm
 e9c2b7a0d7ad877bf4addaee8ddd6636  
2007.0/i586/libsmbclient0-devel-3.0.23d-2.1mdv2007.0.i586.rpm
 dc8d339ca3fe1aa627ccc5a3b9af6120  
2007.0/i586/libsmbclient0-static-devel-3.0.23d-2.1mdv2007.0.i586.rpm
 8f16457913266d4d1ad6234e4b5b8097  
2007.0/i586/mount-cifs-3.0.23d-2.1mdv2007.0.i586.rpm
 fffe690992e8f0efff9409a236754c47  
2007.0/i586/nss_wins-3.0.23d-2.1mdv2007.0.i586.rpm
 0c145a6a8036d7752c47cff748531f5e  
2007.0/i586/samba-client-3.0.23d-2.1mdv2007.0.i586.rpm
 220ad409561a8240c342cd3195eb2cf0  
2007.0/i586/samba-common-3.0.23d-2.1mdv2007.0.i586.rpm
 af80bc7435e7cae23712c87c9598372c  
2007.0/i586/samba-doc-3.0.23d-2.1mdv2007.0.i586.rpm
 b6ffd2bc4c8630be79e0a696afdba613  
2007.0/i586/samba-server-3.0.23d-2.1mdv2007.0.i586.rpm
 e6c4ded117afebe41c604044312b8e3d  
2007.0/i586/samba-smbldap-tools-3.0.23d-2.1mdv2007.0.i586.rpm
 7447a6e3aae0e624538baf67ea9fb0be  
2007.0/i586/samba-swat-3.0.23d-2.1mdv2007.0.i586.rpm
 53078072767f7c4beb0051ef7d2396f4  
2007.0/i586/samba-vscan-clamav-3.0.23d-2.1mdv2007.0.i586.rpm
 310d1781c1e074427e12a8adce89080f  
2007.0/i586/samba-vscan-icap-3.0.23d-2.1mdv2007.0.i586.rpm
 2234b0c5bbfeb3761c04a2e20f4c2011  
2007.0/i586/samba-winbind-3.0.23d-2.1mdv2007.0.i586.rpm 
 2c100ee062786455b7a1361162681d3f  
2007.0/SRPMS/samba-3.0.23d-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 57cfbe3fcab432986388a671e87ae633  
2007.0/x86_64/lib64smbclient0-3.0.23d-2.1mdv2007.0.x86_64.rpm
 fe197b55117f98233e88830d02a2e27e  
2007.0/x86_64/lib64smbclient0-devel-3.0.23d-2.1mdv2007.0.x86_64.rpm
 4ab42f1b496d18a8c5b0ea4a2227d183  
2007.0/x86_64/lib64smbclient0-static-devel-3.0.23d-2.1mdv2007.0.x86_64.rpm
 f08f01a9f665aa725b2ddb57c9c404b2  
2007.0/x86_64/mount-cifs-3.0.23d-2.1mdv2007.0.x86_64.rpm
 c80cf80b0b384089ec24851b7f8ab953  
2007.0/x86_64/nss_wins-3.0.23d-2.1mdv2007.0.x86_64.rpm
 4d0b197fc5911e869169bba817370628  
2007.0/x86_64/samba-client-3.0.23d-2.1mdv2007.0.x86_64.rpm
 4d014bfb3df5abf0b989e28b38b53dd8  
2007.0/x86_64/samba-common-3.0.23d-2.1mdv2007.0.x86_64.rpm
 700af04adb31ca38f48d685d3faf8c9b  
2007.0/x86_64/samba-doc-3.0.23d-2.1mdv2007.0.x86_64.rpm
 42a00b49ff9d9d2dcf79b87fc0071949  
2007.0/x86_64/samba-server-3.0.23d-2.1mdv2007.0.x86_64.rpm
 6dc3f75fa24fa3cad10b26992337681d  
2007.0/x86_64/samba-smbldap-tools-3.0.23d-2.1mdv2007.0.x86_64.rpm
 7c30e5c6510dfb250ec281555b0345f3  
2007.0/x86_64/samba-swat-3.0.23d-2.1mdv2007.0.x86_64.rpm
 6ac32a1dccc2ef25cbc442b80dfa510e  
2007.0/x86_64/samba-vscan-clamav-3.0.23d-2.1mdv2007.0.x86_64.rpm
 0a5489da53535cb7bced9f0209b31b7e  
2007.0/x86_64/samba-vscan-icap-3.0.23d-2.1mdv2007.0.x86_64.rpm
 f81cbb3c33aa275e7d1abe6bee28b09f  
2007.0/x86_64/samba-winbind-3.0.23d-2.1mdv2007.0.x86_64.rpm 
 2c100ee062786455b7a1361162681d3f  
2007.0/SRPMS/samba-3.0.23d-2.1mdv2007.0.src.rpm

 Corporate 3.0:
 610b01ff319a2f0b6a435811eeff0810  
corporate/3.0/i586/libsmbclient0-3.0.14a-6.3.C30mdk.i586.rpm
 e1e761203cba95358a772f7b14c8dd02  
corporate/3.0/i586/libsmbclient0-devel-3.0.14a-6.3.C30mdk.i586.rpm
 853268794641fd454d61a2d75ba27a55  
corporate/3.0/i586/libsmbclient0-static-devel-3.0.14a-6.3.C30mdk.i586.rpm
 5e3b18bb84992632a6bd98b45b61b2a4  
corporate/3.0/i586/mount-cifs-3.0.14a-6.3.C30mdk.i586.rpm
 29a5dc872780c62c92293f8557cb0515  
corporate/3.0/i586/nss_wins-3.0.14a-6.3.C30mdk.i586.rpm
 224ed9dbcaa24257cabafa07cbad1e4f  
corporate/3.0/i586/samba-client-3.0.14a-6.3.C30mdk.i586.rpm
 3b7261b03c35cd1f64e5250b83c16c36  
corporate/3.0/i586/samba-common-3.0.14a-6.3.C30mdk.i586.rpm
 ec528554436ea44803e614f8d8198804  
corporate/3.0/i586/samba-doc-3.0.14a-6.3.C30mdk.i586.rpm
 02d548942ae7b8f1477d191c7945ac85  
corporate/3.0/i586/samba-passdb-xml-3.0.14a-6.3.C30mdk.i586.rpm
 3aeacb6baa110c6b16e636cd7239a4f7  
corporate/3.0/i586/samba-server-3.0.14a-6.3.C30mdk.i586.rpm
 1936e0d6ad8d44b3c403760c5e1e0c2d  
corporate/3.0/i586/samba-smbldap-tools-3.0.14a-6.3.C30mdk.i586.rpm
 a40e08ccaa1008fbfd2f5cb198e93a3c  
corporate/3.0/i586/samba-swat-3.0.14a-6.3.C30mdk.i586.rpm
 74c4648589e24ac92019d38676f0b812  
corporate/3.0/i586/samba-vscan-antivir-3.0.14a-6.3.C30mdk.i586.rpm
 0420e9b8cbb2d3c0a13bdd991a05c25c  
corporate/3.0/i586/samba-vscan-clamav-3.0.14a-6.3.C30mdk.i586.rpm
 0e518474736a101e37d882ca14a911e9  
corporate/3.0/i586/samba-vscan-icap-3.0.14a-6.3.C30mdk.i586.rpm
 c8d42c7388172eec532773dd86bc0ebf  
corporate/3.0/i586/samba-winbind-3.0.14a-6.3.C30mdk.i586.rpm 
 44944ce7e8faf04cf5b9d1449a2b9968  
corporate/3.0/SRPMS/samba-3.0.14a-6.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 74209324f42f33ba9559049c66f824e6  
corporate/3.0/x86_64/lib64smbclient0-3.0.14a-6.3.C30mdk.x86_64.rpm
 6c909366a745c160ed5f8f79c2eafe14  
corporate/3.0/x86_64/lib64smbclient0-devel-3.0.14a-6.3.C30mdk.x86_64.rpm
 b6393599a6efd9031acddbe7b40e7446  
corporate/3.0/x86_64/lib64smbclient0-static-devel-3.0.14a-6.3.C30mdk.x86_64.rpm
 16e3b13b4af3c1dada19e106091de1de  
corporate/3.0/x86_64/mount-cifs-3.0.14a-6.3.C30mdk.x86_64.rpm
 ccc3bc4b4bbe931b033815fc2afecddc  
corporate/3.0/x86_64/nss_wins-3.0.14a-6.3.C30mdk.x86_64.rpm
 226413881d7655a30ced554008706764  
corporate/3.0/x86_64/samba-client-3.0.14a-6.3.C30mdk.x86_64.rpm
 290a302ca0d4cc1324b3a9e4ce521f0c  
corporate/3.0/x86_64/samba-common-3.0.14a-6.3.C30mdk.x86_64.rpm
 b56f3bd2ed4f73b6dce3064a1c8c9bd6  
corporate/3.0/x86_64/samba-doc-3.0.14a-6.3.C30mdk.x86_64.rpm
 03a81c23ed8795a336acfff4b426b975  
corporate/3.0/x86_64/samba-passdb-xml-3.0.14a-6.3.C30mdk.x86_64.rpm
 6e32f57c9b8155d67b8e0b24f5cf757f  
corporate/3.0/x86_64/samba-server-3.0.14a-6.3.C30mdk.x86_64.rpm
 e7d0698646616d523d6be49f13f1a9b4  
corporate/3.0/x86_64/samba-smbldap-tools-3.0.14a-6.3.C30mdk.x86_64.rpm
 723273e8ff901a208f00b46df25bab57  
corporate/3.0/x86_64/samba-swat-3.0.14a-6.3.C30mdk.x86_64.rpm
 653910baabf7ee0ad7fbea925f7a1747  
corporate/3.0/x86_64/samba-vscan-antivir-3.0.14a-6.3.C30mdk.x86_64.rpm
 95b724272151a90b0b39baa7fe60b9a7  
corporate/3.0/x86_64/samba-vscan-clamav-3.0.14a-6.3.C30mdk.x86_64.rpm
 b4fdebc3157d9c321f07cc4d41368602  
corporate/3.0/x86_64/samba-vscan-icap-3.0.14a-6.3.C30mdk.x86_64.rpm
 5371cfea234c8bbb85e1e0144636cece  
corporate/3.0/x86_64/samba-winbind-3.0.14a-6.3.C30mdk.x86_64.rpm 
 44944ce7e8faf04cf5b9d1449a2b9968  
corporate/3.0/SRPMS/samba-3.0.14a-6.3.C30mdk.src.rpm

 Corporate 4.0:
 8a4efbaa85be459e634b6f57bd84e674  
corporate/4.0/i586/libsmbclient0-3.0.23a-2.1.20060mlcs4.i586.rpm
 70e874489332bceb5f961ae45a522321  
corporate/4.0/i586/libsmbclient0-devel-3.0.23a-2.1.20060mlcs4.i586.rpm
 3d8f343507bae572d31cba5390756a12  
corporate/4.0/i586/libsmbclient0-static-devel-3.0.23a-2.1.20060mlcs4.i586.rpm
 f9b130a4c62f3c19cc81c48af86e0361  
corporate/4.0/i586/mount-cifs-3.0.23a-2.1.20060mlcs4.i586.rpm
 49071789a8086809b5e560cafb15cad1  
corporate/4.0/i586/nss_wins-3.0.23a-2.1.20060mlcs4.i586.rpm
 2a63ca33b2e6443ba6dc4fe0fa1cb4f2  
corporate/4.0/i586/samba-client-3.0.23a-2.1.20060mlcs4.i586.rpm
 6fa46d8f20933dd55849eea9237bb3d6  
corporate/4.0/i586/samba-common-3.0.23a-2.1.20060mlcs4.i586.rpm
 a3d914d7ab41b2a41db8f60dca831acc  
corporate/4.0/i586/samba-doc-3.0.23a-2.1.20060mlcs4.i586.rpm
 28ee763573faf14927a3660f3b4af34e  
corporate/4.0/i586/samba-server-3.0.23a-2.1.20060mlcs4.i586.rpm
 e83424699bfff7fc3d4c376bdd60e881  
corporate/4.0/i586/samba-smbldap-tools-3.0.23a-2.1.20060mlcs4.i586.rpm
 88044a64f131646a63e51bf5246622de  
corporate/4.0/i586/samba-swat-3.0.23a-2.1.20060mlcs4.i586.rpm
 32960e7fed3293db871b6b612e4afcf0  
corporate/4.0/i586/samba-test-3.0.23a-2.1.20060mlcs4.i586.rpm
 2044ac2489809fa4f96fec7375b582db  
corporate/4.0/i586/samba-vscan-clamav-3.0.23a-2.1.20060mlcs4.i586.rpm
 9a14d2d6696494c518f3f6378a327224  
corporate/4.0/i586/samba-vscan-icap-3.0.23a-2.1.20060mlcs4.i586.rpm
 67d208a81ef1070070a666a900700b3a  
corporate/4.0/i586/samba-winbind-3.0.23a-2.1.20060mlcs4.i586.rpm 
 57f113921e6fb7414bdd9d1c075b1030  
corporate/4.0/SRPMS/samba-3.0.23a-2.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7528aa4288beaa4452ef2c69992065c8  
corporate/4.0/x86_64/lib64smbclient0-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 cc101bce8dda332447360161e1b652d1  
corporate/4.0/x86_64/lib64smbclient0-devel-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 48c5d9228fdb71803cd2b4d116b5725c  
corporate/4.0/x86_64/lib64smbclient0-static-devel-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 d62c236fcbf522c9323f903b7a4bfc41  
corporate/4.0/x86_64/mount-cifs-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 8ed4ea70d27d8acdcc1f341460c9bf83  
corporate/4.0/x86_64/nss_wins-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 9ba719828eab5adca25c5e3f50fe98fb  
corporate/4.0/x86_64/samba-client-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 35d1abde23fbe8ce3cff4cbc35d43f34  
corporate/4.0/x86_64/samba-common-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 41b75c632aa59060a0dbe7dcc1b78629  
corporate/4.0/x86_64/samba-doc-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 010b50d46c8ec7c50835b4f47767a81a  
corporate/4.0/x86_64/samba-server-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 87d9625456749016fe73cea8ac94bebd  
corporate/4.0/x86_64/samba-smbldap-tools-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 826a8ab2817ffc3063d9b3e4bae452aa  
corporate/4.0/x86_64/samba-swat-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 3512d880148667c72488ca5e4bbfe866  
corporate/4.0/x86_64/samba-test-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 38352d07c2279ed4167ac39707b169a9  
corporate/4.0/x86_64/samba-vscan-clamav-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 1bfcc6e14f436c2b62a1d530757c338e  
corporate/4.0/x86_64/samba-vscan-icap-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 778a1275dad9902e416a8ebc11ca5fd0  
corporate/4.0/x86_64/samba-winbind-3.0.23a-2.1.20060mlcs4.x86_64.rpm 
 57f113921e6fb7414bdd9d1c075b1030  
corporate/4.0/SRPMS/samba-3.0.23a-2.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFx3o2mqjQ0CJFipgRAk5zAJ9tkYQ2v6sYWp+kl8RJivjihfS/ZACg1uLM
p7JuZNsuECR01TTXylVozcM=
=fcOt
-----END PGP SIGNATURE-----