CrOS: Vulnerability reported in net-fs/samba
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: net-fs/samba
Package Version: [cpe:/a:samba:samba:4.5.3 cpe:/a:samba:samba:4.8.0]

Advisory: CVE-2017-12151
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-12151
CVSS severity score: 5.8/10.0
Confidence: high

Description:
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Oct 4
I will take a look.
Oct 4
Oct 4
https://pantheon.corp.google.com/storage/browser/chromeos-image-archive/atlas-paladin/R71-11126.0.0-rc3 reports:

    {
      "ComponentName": "net-fs/samba",
      "Repository": "cros",
      "Targets": [
        "cpe:/a:samba:samba:4.8.0",
        "cpe:/a:samba:samba:4.8.0"
      ]
    },

So I'm tempted to WontFix this and wait to see if it happens again.
Oct 4
Oct 4
this is already at least the second instance ;) but we have a b/ filed so maybe that's good enough
Oct 4
No use having two open issues for things. b is https://b.corp.google.com/issues/117109161
Oct 5
The NextAction date has arrived: 2018-10-05
Jan 11
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by vapier@chromium.org, Oct 3