news:2017:09:21:slackwarearm-14.2-changelog [Lotar's Wiki]

news:2017:09:21:slackwarearm-14.2-changelog

This is an old revision of the document!

patches/packages/samba-4.4.16-arm-1_slack14.2.txz
This is a security release in order to address the following defects:
SMB1/2/3 connections may not require signing where they should. A man in the
middle attack may hijack client connections.
SMB3 connections don't keep encryption across DFS redirects. A man in the
middle attack can read and may alter confidential documents transferred via
a client connection, which are reached via DFS redirect when the original
connection used SMB3.
Server memory information leak over SMB1. Client with write access to a share
can cause server memory contents to be written into a file or printer.
For more information, see:
https://www.samba.org/samba/security/CVE-2017-12150.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150
https://www.samba.org/samba/security/CVE-2017-12151.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12151
https://www.samba.org/samba/security/CVE-2017-12163.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163
(* Security fix *)

slackware, changelog, slackwarearm-14.2, 2017/09

news/2017/09/21/slackwarearm-14.2-changelog.1506330671.txt.gz
Last modified: 7 years ago
by Giuseppe Di Terlizzi