-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:082
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : samba
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated samba packages fix security vulnerabilities:
In Samba before 3.6.23, the SAMR server neglects to ensure that
attempted password changes will update the bad password count, and does
not set the lockout flags. This would allow a user unlimited attempts
against the password by simply calling ChangePasswordUser2 repeatedly.
This is available without any other authentication (CVE-2013-4496).
Information leak vulnerability in the VFS code, allowing an
authenticated user to retrieve eight bytes of uninitialized memory