Slackware-14.1 ChangeLog (2016-07-07)
Thu Jul 7 19:52:36 UTC 2016
Packages
Upgraded
- patches/packages/samba-4.2.14-i486-1_slack14.1.txz
This release fixes a security issue:
Client side SMB2/3 required signing can be downgraded.
It's possible for an attacker to downgrade the required signing for an
SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or
SMB2_SESSION_FLAG_IS_NULL flags. This means that the attacker can
impersonate a server being connected to by Samba, and return malicious
results.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119
(* Security fix *)