[bluewhite64-security] samba (BW64SA:200801129-01)
Hash: SHA1
[bluewhite64-security] samba (BW64SA:200801129-01)
New samba packages are available for Bluewhite64 11.0, 12.0, 12.1, and -current to fix a
possible security vulnerability involving the reading of uninitialized memory.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314
Here are the details from the Bluewhite64 12.1 ChangeLog:
+--------------------------+
PATCHES/packages/samba-3.0.33-x86_64-1.tgz: Upgraded to samba-3.0.33.
This package fixes an important barrier against rogue clients reading from
uninitialized memory (though no proof-of-concept is known to exist).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314
[*** Security fix ***]
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://www.bluewhite64.com for additional
mirror sites near you.
Updated package for Bluewhite64 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/samba-3.0.33-x86_64-1.tgz
Updated package for Bluewhite64 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/samba-3.0.33-x86_64-1.tgz
Updated package for Bluewhite64 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/samba-3.0.33-x86_64-1.tgz
Updated package for Bluewhite64 -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/n/samba-3.2.5-x86_64-1.tgz
MD5 signatures:
+-------------+
Bluewhite64 11.0 package:
029ef45254c165b8e8e0c0ef0051ff16 samba-3.0.33-x86_64-1.tgz
Bluewhite64 12.0 package:
e8056a996144e797134f1b890bf313e9 samba-3.0.33-x86_64-1.tgz
Bluewhite64 12.1 package:
e7a2164e079a38d6b32daffb3e87e595 samba-3.0.33-x86_64-1.tgz
Bluewhite64 -current package:
1b2991a4cd86a950e6c7d8b0be738caa samba-3.2.5-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg samba-3.0.33-x86_64-1.tgz
Restart Samba:
# sh /etc/rc.d/rc.samba restart
+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
+-------------------------------------------------------+
| To leave the bluewhite64-security mailing list:
+-------------------------------------------------------+
| Send a blank email to
|
| bluewhite64-security-unsubscribe©bluewhite64.com
|
| You will get a confirmation message back containing
| instructions to complete the process.
|
| Please do not reply to this email address.
+-------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkxjlcACgkQpTOsxuDdlY76lwCeKfeJ3cjk/Bjy+1Y8sajoPgDX
TvYAnA8bSavFxs3Y/bEr6aeqwSrNKF6O
=onDD
-----END PGP SIGNATURE-----