update for samba
Samba upgrade to version 3.6.3 fixes the following security issue:
- PIDL based autogenerated code allows overwriting beyond of allocated
array. Remove attackers could exploit that to execute arbitrary code
as root (CVE-2012-1182, bso#8815, bnc#752797)
Please see /usr/share/doc/packages/samba/WHATSNEW.txt from the
samba-doc package or the package change log (rpm -q --changelog
samba) for more details of the version update.
-
Submitted by
Lars Müller (lmuelle)
Fixed bugs
bnc#752797
samba: PIDL out of bounds array write
CVE-CVE-2012-1182
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arb
