On 29 May 2017, at 18:53, Darko Gavrilovic <d.gavrilovic at gmail.com> wrote:> > Hello, does anyone know or able to confirm if Samba CVE-2017-7494 > affects Samba 3.6.25 on Freebsd 9.x? > > https://lists.samba.org/archive/samba-announce/2017/000406.htmlThe advisory very clearly says "all versions of Samba from 3.5.0 onwards", so yes. In addition, the 3.x series is dead, and completely unsupported. It is probably wise to upgrade, for example to 4.6.4. -Dimitry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 194 bytes Desc: Message signed with OpenPGP URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170529/320f1213/attachment.sig>
O. Hartmann
2017-May-30 16:55 UTC
Samba CVE-2017-7494 and SMB implementation of FreeBSD 10 through 12
Am Mon, 29 May 2017 23:47:46 +0200 Dimitry Andric <dim at FreeBSD.org> schrieb:> On 29 May 2017, at 18:53, Darko Gavrilovic <d.gavrilovic at gmail.com> wrote: > > > > Hello, does anyone know or able to confirm if Samba CVE-2017-7494 > > affects Samba 3.6.25 on Freebsd 9.x? > > > > https://lists.samba.org/archive/samba-announce/2017/000406.html > > The advisory very clearly says "all versions of Samba from 3.5.0 > onwards", so yes. In addition, the 3.x series is dead, and completely > unsupported. It is probably wise to upgrade, for example to 4.6.4. > > -Dimitry >I'm just curious and to have an answere at hand for my superiors: FreeBSD has a SMB implementation we uitlise with FreeBSD 10.3 and 11.0. Is FreeBSD's implementation somehow affected by the bug revealed in SAMBA >= 3.6.25? Sorry for this "stupid" question, but I need the answere for the records ;-) Kind regards, Oliver -- O. Hartmann Ich widerspreche der Nutzung oder ?bermittlung meiner Daten f?r Werbezwecke oder f?r die Markt- oder Meinungsforschung (? 28 Abs. 4 BDSG). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170530/a185ceec/attachment.sig>