| Summary: | samba new security issue CVE-2013-4475 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tmb |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/574315/ | ||
| Whiteboard: | MGA2TOO has_procedure advisory MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK | ||
| Source RPM: | samba-3.6.15-1.1.mga3.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-11-12 17:15:19 CET
CC'ing sysadmins as we need this pushed in Cauldron. CC:
(none) =>
sysadmin-bugs Updating the references to use the slightly more detailed upstream advisory. Advisory: ======================== Updated samba packages fix security vulnerabilities: Samba versions before 3.6.20 do not check the underlying file or directory ACL when opening an alternate data stream (CVE-2013-4475). Samba is not configured by default to support alternate data streams, so only servers that have enabled the streams_depot or streams_xattr VFS modules are affected. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475 http://www.samba.org/samba/security/CVE-2013-4475 ======================== Updated packages in core/updates_testing: ======================== samba-server-3.6.5-2.4.mga2 samba-client-3.6.5-2.4.mga2 samba-common-3.6.5-2.4.mga2 samba-doc-3.6.5-2.4.mga2 samba-swat-3.6.5-2.4.mga2 samba-winbind-3.6.5-2.4.mga2 nss_wins-3.6.5-2.4.mga2 libsmbclient0-3.6.5-2.4.mga2 libsmbclient0-devel-3.6.5-2.4.mga2 libsmbclient0-static-devel-3.6.5-2.4.mga2 libnetapi0-3.6.5-2.4.mga2 libnetapi-devel-3.6.5-2.4.mga2 libsmbsharemodes0-3.6.5-2.4.mga2 libsmbsharemodes-devel-3.6.5-2.4.mga2 libwbclient0-3.6.5-2.4.mga2 libwbclient-devel-3.6.5-2.4.mga2 samba-virusfilter-clamav-3.6.5-2.4.mga2 samba-virusfilter-fsecure-3.6.5-2.4.mga2 samba-virusfilter-sophos-3.6.5-2.4.mga2 samba-domainjoin-gui-3.6.5-2.4.mga2 samba-server-3.6.15-1.2.mga3 samba-client-3.6.15-1.2.mga3 samba-common-3.6.15-1.2.mga3 samba-doc-3.6.15-1.2.mga3 samba-swat-3.6.15-1.2.mga3 samba-winbind-3.6.15-1.2.mga3 nss_wins-3.6.15-1.2.mga3 libsmbclient0-3.6.15-1.2.mga3 libsmbclient0-devel-3.6.15-1.2.mga3 libsmbclient0-static-devel-3.6.15-1.2.mga3 libnetapi0-3.6.15-1.2.mga3 libnetapi-devel-3.6.15-1.2.mga3 libsmbsharemodes0-3.6.15-1.2.mga3 libsmbsharemodes-devel-3.6.15-1.2.mga3 libwbclient0-3.6.15-1.2.mga3 libwbclient-devel-3.6.15-1.2.mga3 samba-virusfilter-clamav-3.6.15-1.2.mga3 samba-virusfilter-fsecure-3.6.15-1.2.mga3 samba-virusfilter-sophos-3.6.15-1.2.mga3 samba-domainjoin-gui-3.6.15-1.2.mga3 from SRPMS: samba-3.6.5-2.4.mga2.src.rpm samba-3.6.15-1.2.mga3.src.rpm Severity:
normal =>
major samba-3.6.20-1.mga4 has been uploaded for Cauldron. CC:
sysadmin-bugs =>
(none) Procedure: https://bugs.mageia.org/show_bug.cgi?id=10926#c7 Whiteboard:
MGA2TOO =>
MGA2TOO has_procedure Advisory uploaded. Please remove 'advisory' tag from whiteboard if anything changes. Whiteboard:
MGA2TOO has_procedure =>
MGA2TOO has_procedure advisory
David Walser
2013-11-19 19:35:01 CET
URL:
(none) =>
http://lwn.net/Vulnerabilities/574315/ Testing complete Mageia 2 and 3, i586 and x86_64. Someone from the sysadmin team please push 11656.adv to updates. Keywords:
(none) =>
validated_update Update pushed: http://advisories.mageia.org/MGASA-2013-0348.html Status:
NEW =>
RESOLVED |