On 04/16/2012 05:45 PM, Earl J Sanchez wrote:
> Hi,
>
> We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at
> the samba site for patches for the CVE-2012-1182 vulnerability, but the
> closest patch versions I see are for samba 3.4.15 & 3.4.16.
> Is there a specific patch to fix samba 3.4.2?
>
> Also, since we are patching, is there a cluster of patches available
> specifically for samba 3.4.2?
No, we always produce patches for the latest version in a given branch
(3.4, 3.5, 3.6, ...). If the samba that you are using is the one that
was packaged by Sun and if you are still under support by Oracle, then
ask them for an update. If you build your own samba then you have two
options:
* try to backport the patches between 3.4.14 and 3.4.15 as they all are
related to the security fix
* upgrade to 3.4.15
The backport should work pretty easily as it's related to generated code
and shouldn't be much impacted by the fixes made between 3.4.2 and 3.4.14.
Upgrading to 3.4.15 should be doable too, as we just push minor fixes
between versions in the same branch.
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org