This is an old revision of the document!
Slackwarearm-14.1 ChangeLog (2016-07-09)
Sat Jul 9 07:37:07 UTC 2016
Packages
Upgraded
- patches/packages/samba-4.2.14-arm-1_slack14.1.txz
This release fixes a security issue:
Client side SMB2/3 required signing can be downgraded.
It's possible for an attacker to downgrade the required signing for an
SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or
SMB2_SESSION_FLAG_IS_NULL flags. This means that the attacker can
impersonate a server being connected to by Samba, and return malicious
results.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119
(* Security fix *)