Gerald (Jerry) Carter
2007-May-14 14:13 UTC
[Samba] Patched 3.0.24 tree for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks,

As a small means of community service, I've decided to provide an unofficial patched version of 3.0.24 (tagged as 3.0.24-gc-1) to address the CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447 security advisories.

The bzr branch is hosted at

  http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/

The source tarball is available from

  http://download.samba.org/samba/ftp/people/jerry/3.0.24/

The Fedora Core 6 RPMS have been uploaded to

  http://download.samba.org/samba/ftp/Binary_Packages/Fedora/

This is *not* an official release from samba.org and therefore has been signed with my GPG private key (ID D83511F6).

The security issues have been officially fixed in the Samba 3.0.25 upgrade release. However, if you don't want to make the jump to 3.0.25 just yet, this 3.0.24 based snapshot might be just for you.

cheers, jerry

- --
====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian

======== ATTENTION ========

The Samba 3.0.24-gc-X releases are not official samba.org releases. They are cut from a privately maintained branch which can be found at

  http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/

This is done as a service to the community to include backported fixes to the Samba 3.0.24 release in case people do not wish to upgrade. The 3.0.24-gc-X tree is not an active development tree but rather a stable release branch similar to the Linux kernel 2.6.xx.yy releases.

My hope is that this will be helpful to some people. More information about Samba.org official production releases may be found at http://www.samba.org/.

cheers, jerry
Gerald Carter <jerry@samba.org>

Changes in 3.0.24-gc-1:
- -----------------------
* Merged patches for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447 (More information available at http://www.samba.org/samba/security/)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSG5jIR7qMdg1EfYRAv6gAJkBEtpnUCe42B+tnhhXrNeFphMQFwCcCok4
d9zV0yubJmUVK4l94WL+FDU=
=axMU
-----END PGP SIGNATURE-----