Christian Perrier
2009-Jan-06 07:25 UTC
[Samba] Debian packages fixing CVE-2009-0022 are available
Quoting Karolin Seeger (kseeger@samba.org):
> o CVE-2009-0022
> In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
> access to the root filesystem ("/") is granted
> when connecting to a share called "" (empty string)
> using old versions of smbclient (before 3.0.28).

The Debian Samba packaging team uploaded 2:3.2.5-3 packages yesterday in Debian unstable. They include the fix for CVE-2009-0022.

These packages should enter Debian lenny (the next-to-come Debian release) very soon.

Please note that 3.2.7 packages will not be provided in Debian lenny. Because of the freeze in preparation for lenny, we stopped the counter at 3.2.5.

We however provide *unofficial* packages of 3.2.6 (and soon 3.2.7) as announced in http://www.perrier.eu.org/weblog/2008/12/21#samba-backports (again, this is not an official service by Debian, only a courtesy service by the packagers, on a best effort basis).