Slackwarearm-14.2 ChangeLog (2016-07-09)

Sat Jul 9 07:37:07 UTC 2016

  • patches/packages/samba-4.4.5-arm-1_slack14.2.txz
    This release fixes a security issue:
    Client side SMB2/3 required signing can be downgraded.
    It's possible for an attacker to downgrade the required signing for an
    SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or
    SMB2_SESSION_FLAG_IS_NULL flags. This means that the attacker can
    impersonate a server being connected to by Samba, and return malicious
    For more information, see:
    (* Security fix *)
  • news/2016/07/09/slackwarearm-14.2-changelog.txt
  • Last modified: 6 years ago
  • by Giuseppe Di Terlizzi