Slackware-current ChangeLog (2016-07-07)

Thu Jul 7 19:52:36 UTC 2016

  • n/samba-4.4.5-i586-1.txz
    This release fixes a security issue:
    Client side SMB2/3 required signing can be downgraded.
    It's possible for an attacker to downgrade the required signing for an
    SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or
    SMB2_SESSION_FLAG_IS_NULL flags. This means that the attacker can
    impersonate a server being connected to by Samba, and return malicious
    results.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119
    (* Security fix *)
  • news/2016/07/07/slackware-current-changelog.txt
  • Last modified: 8 years ago
  • by Giuseppe Di Terlizzi