Repository 32bit  Forum
Repository 64bit  Wiki
Thu Sep 21 01:23:24 UTC 2017
n/samba-4.6.8-i586-1.txz: Upgraded.
  This is a security release in order to address the following defects:
  SMB1/2/3 connections may not require signing where they should. A man in the
  middle attack may hijack client connections.
  SMB3 connections don't keep encryption across DFS redirects. A man in the
  middle attack can read and may alter confidential documents transferred via
  a client connection, which are reached via DFS redirect when the original
  connection used SMB3.
  Server memory information leak over SMB1. Client with write access to a share
  can cause server memory contents to be written into a file or printer.
  For more information, see:
  https://www.samba.org/samba/security/CVE-2017-12150.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150
  https://www.samba.org/samba/security/CVE-2017-12151.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12151
  https://www.samba.org/samba/security/CVE-2017-12163.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163
  (* Security fix *)