For those who have the 3.0.21b or 3.0.21c, Samba
3.0.22 was released as a security update (about a week
ago). (I just saw someone on the centos list with
3.0.21c so I thought I'd post this announcement for
all others.) The downside to getting non-distro
updates from upstream is that you are responsible for
watching out for security releases.

For those with the CentOS version
(samba-3.0.10-1.4E.6) it already includes all
available errata.

Official Announcement from samba.org:-

Security Release: Samba 3.0.22 Available for Download

This is a security release of Samba. The Samba 3.0.21
release series (including the patch releases a through
c) has been discovered to expose the clear text of the
server's machine account credentials in the winbind
log files when the log level is set to 5 or higher.
Details can be found in the online release notes or in
the original security announcement for CAN-2006-1059.
The Samba 3.0.22 source code can be downloaded now.
The GnuPG signature for the uncompressed tarball is
also available. If you prefer to download just the
diff from 3.0.21c to 3.0.22, the patch file (gpg
signature) is also available. Precompiled packages for
Fedora Core 4, RedHat 9, all SuSE Linux products, and
Solaris are available in the Binary_Packages download
area. Packages for other platforms will be available
shortly.
-----------------------------------------------
Improve the mailing list by performing a simple search
before posting and reading the faq/etiquette.
Thank you!!
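
The condition in the announcement (a 3.0.21-series build with winbind logging at level 5 or higher) can be checked per host. The sketch below is an added example, not part of the original post or of Samba. It assumes the version string is supplied by the caller (for instance from `smbd -V`), that the level is set in the `[global]` section of smb.conf, and that the per-class `winbind:N` syntax from smb.conf(5) is in use; the function names and the sample configuration are constructed for illustration.

```python
import re

# Releases named in the announcement: 3.0.21 and patch releases a through c.
AFFECTED = {"3.0.21", "3.0.21a", "3.0.21b", "3.0.21c"}

# Constructed sample smb.conf, not taken from any real host.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   security = ads
   ; log level = 10
   log level = 2 winbind:5
"""

def winbind_log_level(conf_text):
    """Return the effective winbind debug level set in [global] (default 0).

    Does not see a level passed on the winbindd command line with -d.
    """
    section, level = None, 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Parameter names ignore case and whitespace; debuglevel is a synonym.
        if re.sub(r"\s+", "", key).lower() not in ("loglevel", "debuglevel"):
            continue
        general, winbind = 0, None
        for tok in re.split(r"[\s,]+", value.strip()):
            if ":" in tok:                        # per-class entry, e.g. winbind:5
                cls, num = tok.split(":", 1)
                if cls.lower() == "winbind" and num.isdigit():
                    winbind = int(num)
            elif tok.isdigit():                   # general level for all classes
                general = int(tok)
        level = general if winbind is None else winbind  # last setting wins
    return level

def exposes_credentials(version, conf_text):
    """True when both announced conditions hold for this host."""
    version = version.replace("Version", "").strip()
    return version in AFFECTED and winbind_log_level(conf_text) >= 5
```

A packaged build whose version string carries a distribution suffix would need that suffix stripped before the comparison.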