Karolin Seeger
2009-Jun-23 14:42 UTC
[Samba] [Announce] Samba 3.2.13 Security Release Available for Download
Release Announcements
====================

This is a security release in order to address CVE-2009-1886 and
CVE-2009-1888.

   o CVE-2009-1886:
     In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands
     dealing with file names treat user input as a format string
     to asprintf. With a maliciously crafted file name smbclient
     can be made to execute code triggered by the server.

   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read
     of a data value can potentially affect access control when
     "dos filemode" is set to "yes".

######################################################################
Changes
#######

Changes since 3.2.12
--------------------

o   Jeremy Allison <jra@samba.org>
    * Fix for CVE-2009-1886.
    * Fix for CVE-2009-1888.

===============
Download Details
===============

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.2.13.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
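The bug class behind CVE-2009-1886, shown as an added example that is not Samba's code or its patch: an asprintf-style call must take a literal format and pass the untrusted file name only as an argument. The names xasprintf and remote_path, and the sample path and file name, are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for asprintf(), built on vsnprintf() so the example
 * is portable. The format attribute lets GCC/Clang flag a non-literal format
 * string at the call site when built with -Wformat -Wformat-security. */
__attribute__((format(printf, 2, 3)))
static int xasprintf(char **out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);      /* first pass: measure */
    va_end(ap);
    *out = NULL;
    if (n < 0 || (*out = malloc((size_t)n + 1)) == NULL)
        return -1;
    va_start(ap, fmt);
    vsnprintf(*out, (size_t)n + 1, fmt, ap);  /* second pass: write */
    va_end(ap);
    return n;
}

/* Bug class (do not use): the untrusted name is the format string itself,
 * so any '%' directive inside it is interpreted by the formatter:
 *     xasprintf(&path, name);
 * Hardened form: the format is a literal and the name is only ever data. */
char *remote_path(const char *dir, const char *name)
{
    char *path;
    if (xasprintf(&path, "%s\\%s", dir, name) < 0)
        return NULL;
    return path;
}

int main(void)
{
    /* Constructed sample: a file name that contains format directives. */
    char *p = remote_path("\\share", "report_%s%n.txt");
    if (p != NULL)
        puts(p);   /* the directives come through as plain characters */
    free(p);
    return 0;
}
```
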