samba-3.6.9-167.AXS4
エラータID: AXSA:2014-033:01
Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.
Security issues fixed with this release:
• CVE-2013-0213
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
• CVE-2013-0214
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
• CVE-2013-4124
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
• CVE-2013-4408
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
• CVE-2013-4475
Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
Update packages.
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
N/A
SRPMS
- samba-3.6.9-167.AXS4.src.rpm
MD5: b61ac9399d07c9c7dd0ec77b73085145
SHA-256: 025b6270886d82edcc8bbd39d19dafd12edd548a314ec4a64019ee299e7fd0db
Size: 28.14 MB
Asianux Server 4 for x86
- libsmbclient-3.6.9-167.AXS4.i686.rpm
MD5: efeb5a2e84071338eecfcd2735be6160
SHA-256: f1385f922079fd5446c6b195464af957d8fe87cda366a4cf0469016b65244b7c
Size: 1.56 MB - samba-3.6.9-167.AXS4.i686.rpm
MD5: b8f8966976fdf294ddde3fa0532fde33
SHA-256: 0b5f5134221aeff1aa481c1afa1141be48a4caf7ab868210ecc73dead4ebcd06
Size: 5.02 MB - samba-client-3.6.9-167.AXS4.i686.rpm
MD5: 59930c00f6a2026e936d910714a6a5a6
SHA-256: c72cc3082a7fa445fd047b53d98ea337bc229515ad3ea7bef5956d7e17dcd7a5
Size: 10.67 MB - samba-common-3.6.9-167.AXS4.i686.rpm
MD5: fc413ed5c89366f30609533ec146f9f6
SHA-256: 7692b34bfdc8d43d6071d83d19d15d81c39f0540048bc30c1476df25c2fde12b
Size: 9.93 MB - samba-winbind-3.6.9-167.AXS4.i686.rpm
MD5: af17378f06109404565a30c47b77745c
SHA-256: 22be42f61435a28854f969337f865e7d932507b21a8041db4c74cf1075e185a2
Size: 2.17 MB - samba-winbind-clients-3.6.9-167.AXS4.i686.rpm
MD5: ef80bc462b5ae47caf10bb7a900657e3
SHA-256: 5bad7bbc3bbda2cbe39619780efc75a775bb9e0758f63c4496fd1c6dfe0ac868
Size: 1.98 MB
Asianux Server 4 for x86_64
- libsmbclient-3.6.9-167.AXS4.x86_64.rpm
MD5: 546ce9a65f941d416731e61d8dc2c09e
SHA-256: 087d68b9eb14ea1aff58186e1b4bdc09471e3c87732f38b0eeaa88330f67ec4c
Size: 1.58 MB - samba-3.6.9-167.AXS4.x86_64.rpm
MD5: b60d471ce3b9b3c8ea08809483e968e6
SHA-256: 0576c6f3f70eabe885ba97ce5a8cbd313a27923c8f412a3d32628175da3915cd
Size: 5.03 MB - samba-client-3.6.9-167.AXS4.x86_64.rpm
MD5: 901c8f2a1f084e09020e1b7deaaf16ba
SHA-256: 888d3c89e204090f97e514ee640b65537d02e7bde49ea591d6c683834f0cb02a
Size: 10.78 MB - samba-common-3.6.9-167.AXS4.x86_64.rpm
MD5: 36120e2273dbdad82420a33c21ee414b
SHA-256: 64ab0eeae93cbc821d1a74d9da8fc36f8695c341ed74181a73499e588080733e
Size: 9.99 MB - samba-winbind-3.6.9-167.AXS4.x86_64.rpm
MD5: f37d854da82fa69ee26084aba84a68e9
SHA-256: 9546cfd037f7cf2e71ee549ed52f0cc4454a283a6d99296550c1e225127223d9
Size: 2.17 MB - samba-winbind-clients-3.6.9-167.AXS4.x86_64.rpm
MD5: eb6fa68df9414e7578b67b2a4da38744
SHA-256: b5d1b3f33e756ab17add0de44d393d41278c5b5646ec1fc6e6abcc7522e92458
Size: 1.99 MB - libsmbclient-3.6.9-167.AXS4.i686.rpm
MD5: efeb5a2e84071338eecfcd2735be6160
SHA-256: f1385f922079fd5446c6b195464af957d8fe87cda366a4cf0469016b65244b7c
Size: 1.56 MB - samba-common-3.6.9-167.AXS4.i686.rpm
MD5: fc413ed5c89366f30609533ec146f9f6
SHA-256: 7692b34bfdc8d43d6071d83d19d15d81c39f0540048bc30c1476df25c2fde12b
Size: 9.93 MB - samba-winbind-clients-3.6.9-167.AXS4.i686.rpm
MD5: ef80bc462b5ae47caf10bb7a900657e3
SHA-256: 5bad7bbc3bbda2cbe39619780efc75a775bb9e0758f63c4496fd1c6dfe0ac868
Size: 1.98 MB
日本語