thr3ads.net - samba announce - [Samba] [Announce] Samba 3.2.13 Security Release Available for Download [Jun 2009]

If this information is useful, please help other people find it:
Share via:

Karolin Seeger

2009-Jun-23 14:42 UTC

[Samba] [Announce] Samba 3.2.13 Security Release Available for Download

Release Announcements
====================
This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.

   o CVE-2009-1886:
     In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
     with file names treat user input as a format string to asprintf.
     With a maliciously crafted file name smbclient can be made
     to execute code triggered by the server.

   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
     value can potentially affect access control when "dos filemode"
     is set to "yes".


######################################################################
Changes
#######

Changes since 3.2.12
--------------------


o   Jeremy Allison <jra@samba.org>
    * Fix for CVE-2009-1886.
    * Fix for CVE-2009-1888.


===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.2.13.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20090623/7cf95aa9/attachment.bin

Karolin Seeger

2009-Jun-23 14:42 UTC

head link

[Announce] Samba 3.2.13 Security Release Available for Download

Release Announcements
====================
This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.

   o CVE-2009-1886:
     In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
     with file names treat user input as a format string to asprintf.
     With a maliciously crafted file name smbclient can be made
     to execute code triggered by the server.

   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
     value can potentially affect access control when "dos filemode"
     is set to "yes".


######################################################################
Changes
#######

Changes since 3.2.12
--------------------


o   Jeremy Allison <jra@samba.org>
    * Fix for CVE-2009-1886.
    * Fix for CVE-2009-1888.


===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.2.13.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team

Maybe Matching Threads

Search for more reasonably related threads

samba announce - Jun 2009 - [Announce] Samba 3.2.13 Security Release Available for Download

[Samba] [Announce] Samba 3.2.13 Security Release Available for Download

[Announce] Samba 3.2.13 Security Release Available for Download

Maybe Matching Threads