News: Samba 4.6.8 released, a security fix release

Posted by 漂亮的石头 on 2017-09-21. Forum: Software News

  1. 漂亮的石头

    Samba 4.6.8 has been released. This is a security release that mainly addresses the following issues:


    • CVE-2017-12150 (SMB1/2/3 connections may not require signing where they should)


    • CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)


    • CVE-2017-12163 (Server memory information leak over SMB1)

    Details


    • CVE-2017-12150: A man in the middle attack may hijack client connections.


    • CVE-2017-12151: A man in the middle attack can read and may alter confidential documents transferred via a client connection, which are reached via DFS redirect when the original connection used SMB3.


    • CVE-2017-12163: Client with write access to a share can cause server memory contents to be written into a file or printer.

    For more details and workarounds, see the security advisories:

    https://www.samba.org/samba/security/CVE-2017-12150.html

    https://www.samba.org/samba/security/CVE-2017-12151.html

    https://www.samba.org/samba/security/CVE-2017-12163.html

    Changes since 4.6.7:

    Jeremy Allison <jra@samba.org>


    • BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes async.


    • BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file.

    Ralph Boehme <slow@samba.org>


    • BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories directly.

    Stefan Metzmacher <metze@samba.org>


    • BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs redirects.


    • BUG 12997: CVE-2017-12150: Some code path don't enforce smb signing when they should.