From: Aaron Bauman
To: gentoo-announce@lists.gentoo.org
Reply-To: security@gentoo.org
Subject: [gentoo-announce] [ GLSA 201805-07 ] Samba: Multiple vulnerabilities
Date: Tue, 22 May 2018 18:30:26 -0400
Message-ID: <1609602.2eFsyHjrJe@monkey>
Organization: Gentoo

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201805-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Samba: Multiple vulnerabilities
     Date: May 22, 2018
     Bugs: #588262, #619516, #639024, #650382
       ID: 201805-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Samba, the worst of which
may allow remote execution of arbitrary code.

Background
==========

Samba is a suite of SMB and CIFS client/server programs.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-fs/samba                 < 4.5.16                  >= 4.5.16

Description
===========

Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code, cause a Denial
of Service condition, conduct a man-in-the-middle attack, or obtain
sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Samba users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-fs/samba-4.5.16"

References
==========

[ 1 ] CVE-2016-2119
      https://nvd.nist.gov/vuln/detail/CVE-2016-2119
[ 2 ] CVE-2017-14746
      https://nvd.nist.gov/vuln/detail/CVE-2017-14746
[ 3 ] CVE-2017-15275
      https://nvd.nist.gov/vuln/detail/CVE-2017-15275
[ 4 ] CVE-2017-7494
      https://nvd.nist.gov/vuln/detail/CVE-2017-7494
[ 5 ] CVE-2018-1050
      https://nvd.nist.gov/vuln/detail/CVE-2018-1050
[ 6 ] CVE-2018-1057
      https://nvd.nist.gov/vuln/detail/CVE-2018-1057

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201805-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
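
Added example, not part of the advisory as sent by Gentoo: a shell check of whether a host's net-fs/samba version falls in the vulnerable range given under "Affected packages" (< 4.5.16), for use before and after the upgrade in "Resolution". The function names ver_lt and samba_status are hypothetical, and the portageq call assumes a Gentoo host with Portage installed.

```shell
#!/bin/sh
# Added example (not part of GLSA 201805-07). FIXED is the first unaffected
# version from the advisory's "Affected packages" table; the function names
# are hypothetical.
FIXED="4.5.16"

# ver_lt A B: succeed (0) when dotted numeric version A sorts before B.
# Missing components count as 0, so "4.5" is older than "4.5.16".
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # equal versions are not "less than"
}

# samba_status VERSION: print "vulnerable", "unaffected" or "unknown".
samba_status() {
    v=${1%-r[0-9]*}    # drop a Gentoo revision such as -r1
    case $v in
        # Empty input or anything beyond digits and dots (_rc1, _p2, ...):
        # do not guess, leave the decision to Portage.
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;;
    esac
    if ver_lt "$v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# On a Gentoo host, let Portage match the installed package against the
# advisory's vulnerable range; this is the authoritative answer.
if command -v portageq >/dev/null 2>&1; then
    hits=$(portageq match / '<net-fs/samba-4.5.16' 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "Affected by GLSA 201805-07: $hits"
    else
        echo "No installed net-fs/samba below $FIXED"
    fi
fi
```

samba_status takes a bare version string, so it can also be run over version numbers collected from an inventory of hosts that are not Gentoo themselves.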