[bglug] [Fwd: [slackware-security] New Samba package available]
|k|b|s|
bglug@lists.linux.it
Sat, 23 Nov 2002 09:00:20 +0100
This is a multi-part message in MIME format.
--------------090204060309040500080004
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Ricevo e inoltro.
Un augurio di buon lavoro a tutti i partecipanti al linux Day, sia lato
server che lato client. :P
E mi raccomando, cari nuovi utenti, fatevi installare Slack!
Have fun :^)
--
k|b|s ~$ mailto `echo ti.gulgb@sbk|'rev'`
--------------090204060309040500080004
Content-Type: message/rfc822;
name="[slackware-security] New Samba package available"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="[slackware-security] New Samba package available"
>From - Sat Nov 23 08:57:02 2002
X-Mozilla-Status2: 00000000
Return-Path: <owner-slackware-security@slackware.com>
Delivered-To: ciosul@inwind.it
Received: from smtp5.libero.it (193.70.192.55) by ims10a.libero.it (6.5.025)
id 3D2AF20E02642EF3 for ciosul@inwind.it; Sat, 23 Nov 2002 08:32:55 +0100
Received: from blackbox.blacknova.net (216.220.40.202) by smtp5.libero.it (6.5.028)
id 3DD2758A015309ED for ciosul@inwind.it; Sat, 23 Nov 2002 08:32:55 +0100
Received: from bob.slackware.com (slackware.com [64.57.102.34])
by blackbox.blacknova.net (8.11.6/linuxconf) with ESMTP id gAN7Fku22942
for <kbs@linux.ca>; Sat, 23 Nov 2002 02:15:47 -0500
Received: (from daemon@localhost)
by bob.slackware.com (8.11.6/8.11.6) id gAL5f2G20526
for slackware-security-outgoing; Wed, 20 Nov 2002 21:41:02 -0800
Received: from localhost (security@localhost)
by bob.slackware.com (8.11.6/8.11.6) with ESMTP id gAL5f1N20523
for <slackware-security@slackware.com>; Wed, 20 Nov 2002 21:41:02 -0800
Date: Wed, 20 Nov 2002 21:41:01 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] New Samba package available
Message-ID: <Pine.LNX.4.21.0211202135080.20480-100000@bob.slackware.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-slackware-security@slackware.com
Precedence: bulk
Reply-To: Slackware Security Team <security@slackware.com>
New Samba packages are available for Slackware 8.1 and -current
to fix a security problem and provide other bugfixes and improvements.
Here are the details from the Slackware 8.1 ChangeLog:
----------------------------
Wed Nov 20 16:51:23 PST 2002
patches/packages/samba-2.2.7-i386-1.tgz: Upgraded to samba-2.2.7.
Some details (based on the WHATSNEW.txt file included in samba-2.2.7):
This fixes a security hole discovered in versions 2.2.2 through 2.2.6 of
Samba that could potentially allow an attacker to gain root access
on the target machine. The word "potentially" is used because there
is no known exploit of this bug, and the Samba Team has not been able to
craft one ourselves. However, the seriousness of the problem warrants
this immediate 2.2.7 release. There was a bug in the length checking for
encrypted password change requests from clients. A client could potentially
send an encrypted password, which, when decrypted with the old hashed
password could be used as a buffer overrun attack on the stack of smbd. The
attack would have to be crafted such that converting a DOS codepage string
to little endian UCS2 unicode would translate into an executable block of
code. Thanks to Steve Langasek <vorlon@debian.org> and Eloy Paris
<peloy@debian.org> for bringing this vulnerability to our notice.
(* Security fix *)
----------------------------
WHERE TO FIND THE NEW PACKAGES:
-------------------------------
Updated Samba package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2.2.7-i386-1.tgz
Updated Samba package for Slackware-current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-2.2.7-i386-1.tgz
MD5 SIGNATURES:
---------------
Here are the md5sums for the packages:
Slackware 8.1:
835f2069561251cf9649b1f60ebc21f0 samba-2.2.7-i386-1.tgz
Slackware-current:
18eff1898b289735c51895e628797733 samba-2.2.7-i386-1.tgz
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
--------------090204060309040500080004--