This is an old revision of the document!
Slackware64-14.0 ChangeLog (2016-07-07)
Thu Jul 7 19:52:36 UTC 2016
Packages
Upgraded
- patches/packages/samba-4.2.14-x86_64-1_slack14.0.txz
This release fixes a security issue:
Client side SMB2/3 required signing can be downgraded.
It's possible for an attacker to downgrade the required signing for an
SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or
SMB2_SESSION_FLAG_IS_NULL flags. This means that the attacker can
impersonate a server being connected to by Samba, and return malicious
results.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119
(* Security fix *)