Samba: Multiple vulnerabilities — GLSA 201502-15

Multiple vulnerabilities have been found in Samba, the worst of which allowing a context-dependent attacker to bypass intended file restrictions, cause a Denial of Service or execute arbitrary code.

Affected packages

Background

Samba is a suite of SMB and CIFS client/server programs.

Description

Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/samba-3.6.25"
 

References

• CVE-2012-6150
• CVE-2013-4124
• CVE-2013-4408
• CVE-2013-4475
• CVE-2013-4476
• CVE-2013-4496
• CVE-2014-0178
• CVE-2014-0239
• CVE-2014-0244
• CVE-2014-3493
• CVE-2015-0240

Release date
February 25, 2015

Latest revision
February 25, 2015: 1

Severity
high

Exploitable
local, remote

Bugzilla entries

• 479868
• 491070
• 493664
• 504494
• 511764
• 514676
• 541182