rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

samba4: security bump to version 4.6.11

Fixes the following security issues:

- CVE-2017-14746:
   All versions of Samba from 4.0.0 onwards are vulnerable to a use after
   free vulnerability, where a malicious SMB1 request can be used to
   control the contents of heap memory via a deallocated heap pointer. It
   is possible this may be used to compromise the SMB server.

- CVE-2017-15275:
   All versions of Samba from 3.6.0 onwards are vulnerable to a heap
   memory information leak, where server allocated heap memory may be
   returned to the client without being cleared.

   There is no known vulnerability associated with this error, but
   uncleared heap memory may contain previously used data that may help
   an attacker compromise the server via other methods. Uncleared heap
   memory may potentially contain password hashes or other high-value
   data.

For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.6.11.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

author	Peter Korsgaard <peter@korsgaard.com>
	Tue, 21 Nov 2017 22:43:13 +0000 (23:43 +0100)
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
	Wed, 22 Nov 2017 20:30:35 +0000 (21:30 +0100)
commit	df75c954bc5633045d5c06a87c53d71dad8ae6e1
tree	3813a0e983871bb2ecfa7ecd6b8b38df9ac8d8a8	tree \| snapshot
parent	6803a17c3be938af97e6bed00235acc90a7e5d1b	commit \| diff

package/samba4/samba4.hash		diff \| blob \| history
package/samba4/samba4.mk		diff \| blob \| history