Slackware-14.0 ChangeLog (2016-07-07)

Thu Jul 7 19:52:36 UTC 2016

  • patches/packages/samba-4.2.14-i486-1_slack14.0.txz
    This release fixes a security issue:
    Client side SMB2/3 required signing can be downgraded.
    It's possible for an attacker to downgrade the required signing for an
    SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or
    SMB2_SESSION_FLAG_IS_NULL flags. This means that the attacker can
    impersonate a server being connected to by Samba, and return malicious
    results.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119
    (* Security fix *)
  • news/2016/07/07/slackware-14.0-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi