Leak in Samba Versions from 3.0.29
Samba versions from 3.0.29 include a security failure. Developers have released an update to fix it.
The Samba advisory indicates that the security leak resulted from a change to GNU Compiler Collection (GCC) version 4 optimization. It seems a cut-and-paste error in the range checking code can allow a malicious client to alter the Server Message Block (SMB) process to pass arbitrary memory requests back to itself.
The Samba team ran into the error during an internal code investigation. The advisory recommends an immediate patch upgrade.
Patches are available for download here. The new Samba versions, 3.2.5 and 3.0.33 already have the patches applied. The team also points to the fact that the Samba 3.2 directories are now located in the /recent directory and are no longer in an experimental state.
Issue 200/2017
Buy this issue as a PDF
News
-
Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device
Two trojans in the wild are targeting Linux machines.
-
Fedora 26 Beta Comes with New Features
The workstation comes with the latest Gnome desktop environment and support for many application build systems.
-
Raspberry Pi Foundation Merges with CoderDojo Foundation
The two foundations join forces to expand their efforts to reach young people.
-
Samba Security Hole Patched but Risk is Bigger
Millions of devices that use Samba Server are vulnerable to attacks.
-
Red Hat Announces OpenShift.io
Red Hat takes its IDE online.
-
Microsoft Bakes Linux into Windows Server
Microsoft is slowly becoming a Linux vendor.
-
Fearless Coyote, Linux Kernel 4.11 is Out
The new kernel makes swap implementation more scalable, which will help cloud providers.
-
Docker Appoints Steve Singh CEO
The new CEO comes from a very strong SaaS background.
-
Docker Announces Linux Kit and Moby Project
Both projects help organizations build their own containerized systems.
-
Ubuntu Returns to Gnome as Its Mobile Plans Shatter
Mark Shuttleworth has resumed the position of CEO of Canonical.