similar to: [Announce] Samba 4.1.11 and 4.0.21 Security Releases Available

Release Announcements ===================== Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the

Release Announcements ===================== Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the

Release Announcements ===================== Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694:

Release Announcements ===================== Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694:

Release Announcements ===================== Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes: -------- o Stefan Metzmacher <metze at samba.org> *BUG 8815: PIDL based autogenerated code allows

Release Announcements ===================== Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes: -------- o Stefan Metzmacher <metze at samba.org> *BUG 8815: PIDL based autogenerated code allows

Release Announcements ===================== These are a security releases in order to address CVE-2010-3069. o CVE-2010-3069: All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of

Release Announcements ===================== These are a security releases in order to address CVE-2010-3069. o CVE-2010-3069: All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos ????????????????? RC4-HMAC Elevation of Privilege Vulnerability ????????????????? disclosed by Microsoft on Nov 8 2022. ????????????????? A Samba Active Directory DC will issue weak rc4-hmac ?????????????????

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos ????????????????? RC4-HMAC Elevation of Privilege Vulnerability ????????????????? disclosed by Microsoft on Nov 8 2022. ????????????????? A Samba Active Directory DC will issue weak rc4-hmac ?????????????????

===================================================================== "I'm not insane. My mother had me tested!" Sheldon, Big Bang Theory ===================================================================== Release Announcements --------------------- This is the latest stable release of Samba 4.1. Changes since 4.1.12: --------------------- o Michael Adam

===================================================================== "I'm not insane. My mother had me tested!" Sheldon, Big Bang Theory ===================================================================== Release Announcements --------------------- This is the latest stable release of Samba 4.1. Changes since 4.1.12: --------------------- o Michael Adam

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure when parsing SMB responses == can result in a buffer overrun == == CVE ID#: CVE-2008-1105 == == Versions: Samba 3.0.0 - 3.0.29 (inclusive) == == Summary: Specifically crafted SMB responses can result == in a heap overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2008-4314 ("Potential leak of arbitrary memory contents"). o CVE-2008-4314 Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients. The original security announcement for this and past

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2008-4314 ("Potential leak of arbitrary memory contents"). o CVE-2008-4314 Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients. The original security announcement for this and past

Hi Team, I have a centos 7 running server with openssl version openssl-1.0.1e-51.el7_2.4.x86_64, I have received a set of vulnerability from security team, can anyone tell me as per below CVE do I need to update my openssl version to 1.0.1t? Or the current version which we have is safe. CVE-2016-0701, CVE-2015-3197 CVE-2015-4000 CVE-2015-0204 CVE-2015-0286, CVE-2015-0287, CVE-2015-0289,

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2018-1050 (Denial of Service Attack on external print server.) o CVE-2018-1057 (Authenticated users can change other users' password.) ======= Details ======= o CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2018-1050 (Denial of Service Attack on external print server.) o CVE-2018-1057 (Authenticated users can change other users' password.) ======= Details ======= o CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack

Thanks for the replies. The tool that we used for testing the security vulnerability is "Nessus". I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed in this version and I want to apply patch for the vulnerbailities CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the right version that has fixes for these? Thanks On Sat, Apr 25, 2015 at

You might find RedHat's CVE page on this useful: https://access.redhat.com/security/cve/cve-2023-48795 On Tue, Jan 23, 2024 at 10:04?AM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote: > Hi, > > I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise > Linux release 8.7 (Ootpa). The details are as follows. > > # rpm -qa | grep openssh >