| Errata ID | 148 |
|---|---|
| Date | 2014-07-14 |
| Source package | samba |
| Fixed in version | 4.1.0-1.652.201407091607 |
| Description | * These four security vulnerabilities have been fixed:
* Denial of service (infinite CPU loop) in nmbd
* Denial of service (daemon crash) in the smbd file server daemon
* Information leak in shadow_copy VFS module (not used in the default
configuration)
* Incorrect parsing of the require_membership_of option in Winbind
* Additionally this update fixes an issue which caused a problem for the
Windows DPAPI. To users it appeared as if stored credentials for Windows
applications would not be remembered any longer by the applications
after they changed the logon password for their account. Domains
affected by this need to manually remove the object
"CN=BCKUPKEY_PREFERRED Secret" from the Samba directory service after
the update to make Samba internally generate a new ticket for the
Backupkey protocol. |
| Additional notes | |
| CVE ID | CVE-2014-0244 CVE-2014-3493 CVE-2012-6150 CVE-2014-0178 |
| UCS Bug number | #35192 #35287 |
