[Bluewhite64 Linux Security] samba [BW64SA:20090628-02]
New samba packages are available for Bluewhite64 Linux 11.0, 12.0,
12.1, 12.2, and -current to fix security issues.
More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886
Here are the details from the Bluewhite64 Linux 12.2 ChangeLog:
----------------------------------------------------------------
PATCHES/packages/samba-3.2.13-x86_64-1.tgz: Upgraded.
This upgrade fixes the following security issues:
- in Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes";
- in Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made
to execute code triggered by the server.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886
[*** Security fix ***]
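The smbclient issue above is a format-string bug: a file name ends up as the format argument of a printf-family call. The following C example is added here for illustration and is not Samba source or part of the original advisory; the helper names and the sample name are constructed, and snprintf stands in for asprintf, which parses its format argument the same way.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not Samba code. Each writes a file name received
 * from a server into out and returns the snprintf() result. */

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* VULNERABLE pattern: the untrusted name is the format string itself, so
 * every '%' in it is parsed as a conversion specification. */
int show_name_unsafe(char *out, size_t n, const char *name)
{
    return snprintf(out, n, name);
}
#pragma GCC diagnostic pop

/* FIXED pattern: the format is a constant and the name is only data. */
int show_name_safe(char *out, size_t n, const char *name)
{
    return snprintf(out, n, "%s", name);
}

/* Constructed sample name. "%%" is a conversion that consumes no
 * arguments, so passing it through the unsafe helper is well defined
 * while still showing that the name was interpreted, not copied. */
static const char SAMPLE[] = "report-100%%.txt";

int main(void)
{
    char a[64], b[64];

    show_name_unsafe(a, sizeof a, SAMPLE);
    show_name_safe(b, sizeof b, SAMPLE);
    printf("unsafe: %s\n", a);  /* one '%' was swallowed by the parser */
    printf("safe:   %s\n", b);  /* name preserved byte for byte */
    return 0;
}
```

Building client code with -Wformat -Wformat-security makes GCC and Clang flag the unsafe call form at compile time.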
Download the new packages from:
--------------------------------
For Bluewhite64 Linux 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/samba-3.0.35-x86_64-1.tgz
For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/samba-3.0.35-x86_64-1.tgz
For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/samba-3.0.35-x86_64-1.tgz
For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/samba-3.2.13-x86_64-1.tgz
For Bluewhite64 Linux -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/n/samba-3.2.13-x86_64-1.txz
Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.
MD5 signatures:
----------------
Bluewhite64 11.0 package:
cdd85834aec94abe22d2bf908051e0e8 samba-3.0.35-x86_64-1.tgz
Bluewhite64 12.0 package:
33ef4ab58b5ad9d3b828050a1291460e samba-3.0.35-x86_64-1.tgz
Bluewhite64 12.1 package:
5b3345537de3e090912af2a9e66af342 samba-3.0.35-x86_64-1.tgz
Bluewhite64 12.2 package:
869fbb3dfb33a8e46d1e840e0625569b samba-3.2.13-x86_64-1.tgz
Bluewhite64 -current package:
b4425b71e9873bb115bf65ab4eaa9e60 samba-3.2.13-x86_64-1.txz
Installation instructions:
----------------------------
Upgrade the package as root:
# upgradepkg samba-3.2.13-x86_64-1.tgz
Restart the Samba server if you are using it:
# /etc/rc.d/rc.samba restart
---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com


