| Errata ID | 224 |
|---|---|
| Date | 2017-11-21 |
| Source package | samba |
| Fixed in version | 2:4.6.1-1A~4.2.0.201711161303 |
| Description | This update addresses the following issue(s): * Use-after-free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server (CVE-2017-14746) * Server heap memory information leak, where server allocated heap memory may be returned to the client without being cleared (CVE-2017-15275) |
| Additional notes | |
| CVE ID | CVE-2017-14746 CVE-2017-15275 |
| UCS Bug number | #45665 |
