Slackware-14.2 ChangeLog (2017-11-28)
Tue Nov 28 06:20:03 UTC 2017
Packages
Rebuilt
- patches/packages/samba-4.4.16-i586-2_slack14.2.txz
This is a security update in order to patch the following defects:
CVE-2017-14746 (Use-after-free vulnerability.)
All versions of Samba from 4.0.0 onwards are vulnerable to a use after
free vulnerability, where a malicious SMB1 request can be used to
control the contents of heap memory via a deallocated heap pointer. It
is possible this may be used to compromise the SMB server.
CVE-2017-15275 (Server heap memory information leak.)
All versions of Samba from 3.6.0 onwards are vulnerable to a heap
memory information leak, where server allocated heap memory may be
returned to the client without being cleared.
For more information, see:
https://www.samba.org/samba/security/CVE-2017-14746.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746
https://www.samba.org/samba/security/CVE-2017-15275.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
(* Security fix *)