Samba: Multiple vulnerabilities — GLSA 201502-15

Multiple vulnerabilities have been found in Samba, the worst of which allowing a context-dependent attacker to bypass intended file restrictions, cause a Denial of Service or execute arbitrary code.

Affected Packages

net-fs/samba on all architectures
Affected versions < 3.6.25
Unaffected versions >= 3.6.25

Background

Samba is a suite of SMB and CIFS client/server programs.

Description

Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Samba users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/samba-3.6.25"
 

References

Release Date
February 25, 2015

Latest Revision
February 25, 2015: 1

Severity
high

Exploitable
local, remote

Bugzilla entries