[bglug] Fw: [slackware-security] Samba buffer overflow fixed
k|b|s
bglug@lists.linux.it
Mon, 17 Mar 2003 09:36:31 +0100
--=.?NmkyYt/LDk0Q_
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Begin forwarded message:
Date: Sat, 15 Mar 2003 14:55:22 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Samba buffer overflow fixed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Samba buffer overflow fixed
The samba packages in Slackware 8.1 and -current have been patched to
fix
a security problem. All sites running samba should upgrade.
Here are the details from the Slackware 8.1 ChangeLog:
+--------------------------+
Sat Mar 15 13:49:04 PST 2003
patches/packages/samba-2.2.8-i386-1.tgz: Upgraded to Samba 2.2.8.
From the Samba web site:
* (14th Mar, 2003) Security Release - Samba 2.2.8
A flaw has been detected in the Samba main smbd code which
could allow an external attacker to remotely and anonymously
gain Super User (root) privileges on a server running a
Samba server. This flaw exists in previous versions of Samba
from 2.0.x to 2.2.7a inclusive. This is a serious problem
and all sites should either upgrade to Samba 2.2.8
immediately or prohibit access to TCP ports 139 and 445.
(* Security fix *)
+--------------------------+
More information may be found in the Samba release notes.
WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated Samba package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2.2.8-i386-1.tgz
Updated Samba package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-2.2.8-i386-1.tgz
MD5 SIGNATURES:
+-------------+
Here are the md5sums for the packages:
Slackware 8.1 package:
be4bee0ed2c50e9313150843e41b09ad samba-2.2.8-i386-1.tgz
Slackware -current package:
940d26d3f74763524976a61f44637b22 samba-2.2.8-i386-1.tgz
INSTALLATION INSTRUCTIONS:
+------------------------+
As root, upgrade the samba package(s) with upgradepkg:
upgradepkg samba-2.2.8-i386-1.tgz
Then, restart samba:
/etc/rc.d/rc.samba restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+----------------------------------------------------------------------
--+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:
|
+----------------------------------------------------------------------
--+
| Send an email to majordomo@slackware.com with this text in the body of
|
| the email message:
|
|
|
| unsubscribe slackware-security
|
|
|
| You will get a confirmation message back. Follow the instructions to
|
| complete the unsubscription. Do not reply to this message to
|
| unsubscribe!
|
+----------------------------------------------------------------------
--+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+c6CcakRjwEAQIjMRAksxAJ4jbhqBtqRD2FqGIx5bVFg8isApwwCfSO2C
VZ9TRhF307P8DfFZn6jo4f4=
=V9F1
-----END PGP SIGNATURE-----
--
#! Shebang * %! Hebang * %%#%% Gangbang
* k|b|s * mailto `echo ti.gulgb@sbk|'rev'`
--=.?NmkyYt/LDk0Q_
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
iD8DBQE+dYkPPJE4D78UP9MRAsjcAJ9rkDiIMKeo8ANX00aBQADSx0K9YACfXXKr
zfaR05BJWp6/otRlxOCdISw=
=C/5K
-----END PGP SIGNATURE-----
--=.?NmkyYt/LDk0Q_--