[3.4] samba: Multiple vulnerabilities (CVE-2017-12150, CVE-2017-12151, CVE-2017-12163)
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should
Affected versions:
samba 3.0.25 to 4.6.7
Fixed in:
samba 4.6.8, 4.5.14 and 4.4.16
References:
https://www.samba.org/samba/security/CVE-2017-12150.html
https://www.samba.org/samba/history/security.html
CVE-2017-12151: SMB3 connections don’t keep encryption across DFS redirects
Affected versions:
samba 4.1.0 to 4.6.7
Fixed in:
samba 4.6.8, 4.5.14 and 4.4.16
References:
https://www.samba.org/samba/security/CVE-2017-12151.html
https://www.samba.org/samba/history/security.html
CVE-2017-12163: Server memory information leak over SMB1
Affected versions:
All versions of samba
Fixed in:
samba 4.6.8, 4.5.14 and 4.4.16
References:
https://www.samba.org/samba/security/CVE-2017-12163.html
https://www.samba.org/samba/history/security.html
(from redmine: issue id 7894, created on 2017-09-25, closed on 2017-10-25)
- Relations:
  - parent #7890 (closed)
- Changesets:
  - Revision 1c38a7f3 on 2017-10-24T08:58:48Z:

    main/samba: security upgrade to 4.4.16
    (CVE-2017-12150, CVE-2017-12151, CVE-2017-12163)
    fixes #7894