This is an old revision of the document!


Slackware-current ChangeLog (2015-01-21)

Wed Jan 21 03:10:01 UTC 2015

Wed Jan 21 03:10:01 UTC 2015
d/gdb-7.8.2-i486-1.txz:  Upgraded.
n/alpine-2.20-i486-1.txz:  Upgraded.
n/imapd-2.20-i486-1.txz:  Upgraded.
n/samba-4.1.16-i486-1.txz:  Upgraded.
  This update is a security release in order to address CVE-2014-8143
  (Elevation of privilege to Active Directory Domain Controller).
  Samba's AD DC allows the administrator to delegate creation of user or
  computer accounts to specific users or groups.  However, all released
  versions of Samba's AD DC did not implement the additional required
  check on the UF_SERVER_TRUST_ACCOUNT bit in the userAccountControl
  attributes.  Most Samba deployments are not of the AD Domain Controller,
  but are of the classic domain controller, the file server or print server.
  Only the Active Directory Domain Controller is affected by this issue.
  Additionally, most sites running the AD Domain Controller do not configure
  delegation for the creation of user or computer accounts, and so are not
  vulnerable to this issue, as no writes are permitted to the
  userAccountControl attribute, no matter what the value.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143
  (* Security fix *)
  • news/2015/01/21/slackware-current-changelog.1425986438.txt.gz
  • Last modified: 9 years ago
  • by Giuseppe Di Terlizzi