This is an old revision of the document!
Slackwarearm-14.2 ChangeLog (2017-09-21)
Thu Sep 21 08:08:08 UTC 2017
Packages
Upgraded
- patches/packages/samba-4.4.16-arm-1_slack14.2.txz
This is a security release in order to address the following defects:
SMB1/2/3 connections may not require signing where they should. A man in the
middle attack may hijack client connections.
SMB3 connections don't keep encryption across DFS redirects. A man in the
middle attack can read and may alter confidential documents transferred via
a client connection, which are reached via DFS redirect when the original
connection used SMB3.
Server memory information leak over SMB1. Client with write access to a share
can cause server memory contents to be written into a file or printer.
For more information, see:
https://www.samba.org/samba/security/CVE-2017-12150.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150
https://www.samba.org/samba/security/CVE-2017-12151.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12151
https://www.samba.org/samba/security/CVE-2017-12163.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163
(* Security fix *)