A memory leak leading to denial of service (smbd crash) was found in the way smbd daemon of the Samba suite performed management of file descriptors related to socket connections. A remote attacker could use this flaw to cause excessive CPU use, or, potentially denial of service via loop of incoming connections. Upstream advisory: [1] http://www.samba.org/samba/security/CVE-2012-0817 Relevant patch: [2] http://www.samba.org/samba/ftp/patches/security/samba-3.6.2-CVE-2012-0817.patch
This issue did NOT affect the version of the samba package, as shipped with Red Hat Enterprise Linux 4. This issue did NOT affect the versions of the samba and samba3x package, as shipped with Red Hat Enterprise Linux 5. This issue did NOT affect the versions of the samba and samba4 package, as shipped with Red Hat Enterprise Linux 6. -- This issue did NOT affect the version of the samba package, as shipped with Fedora release of 15. This issue affects the version of the samba package, as shipped with Fedora release of 16. Please schedule an update.
Created samba tracking bugs for this issue Affects: fedora-16 [bug 785753]
Statement: Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 4, 5, and 6. This issue did not affect the version of samba3x as shipped with Red Hat Enterprise Linux 5. This issue did not affect the version of samba4 as shipped with Red Hat Enterprise Linux 6.
samba-3.6.3-78.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.