ok ajacoutot@
Upcoming commits will add additional tweaks.
Many thanks to Vadim Zhukov (who did most of the work), Ian McWilliam
(co-maintainer), Stuart Henderson who provided lots of support and
feedback, Antoine Jacoutot who patiently dealt with my broken diffs,
and more generally all the people involved. Most of the recent work was
done during p2k15 and c2k15.
which should all be started/stopped together), previously "restart" would
restart each sub-daemon in turn, but actually it should stop all daemons
and only then start them again. Additionally, as suggested by ajacoutot,
stop the procedure and return an error if stopping one of the rc scripts
failed. ok ajacoutot@ rpe@
CVE-2014-0244: malformed packet can cause nmbd to loop, preventing further
NetBIOS name service
CVE-2014-3493: smbd "crash involving overwriting memory on an
authenticated connection" (just classed as a DoS in release notes,
but that may be optimistic)
DCE-RPC fragment length field is incorrectly checked. CVE-2013-4408
ACLs are not checked on opening an alternate data stream on a file or directory. CVE-2013-4475
ok sthen@
are executable, I needed it for the bacula script which runs daemons split
between two packages, ajacoutot suggested applying to other similar scripts.
o Fix possible memory leaks in the Samba master process (bug #8970).
o Fix uninitialized memory read in talloc_free().
o Fix joining of XP Pro workstations to 3.6 DCs (bug #8373).
http://www.samba.org/samba/security/CVE-2012-2111
Samba versions 3.4.x to 3.6.4 inclusive are affected by a
vulnerability that allows arbitrary users to modify privileges on a
file server.
Security checks were incorrectly applied to the Local Security
Authority (LSA) remote procedure calls (RPC) CreateAccount,
OpenAccount, AddAccountRights and RemoveAccountRights allowing any
authenticated user to modify the privileges database.
This is a serious error, as it means that authenticated users can
connect to the LSA and grant themselves the "take ownership"
privilege. This privilege is used by the smbd file server to grant the
ability to change ownership of a file or directory which means users
could take ownership of files or directories they do not own.