Thomas Schulz
2015-Mar-19 17:16 UTC
[Samba] Patch(es) and task list to resolve CVE-2015-0240 for version 3.6.23 on Solaris
> > Good morning. > > I am looking to resolve the above vulnerability on our T-4 Solaris boxes. I have not worked or patch Samba before and not sure of the process. > > When I find and apply the patch will it resolve the issue on the version that we are running or do I need to bring our current version more up to date? > > Any assistance would be greatly appreciated. > > Tks in advance. > rG > > Database AdministratorPatches are applied to the souece code and are only applicable if you have built your copy of samba from source. The available patch is ment to patch Samba 3.6.24 but in fact will work with 3.6.23. But, Samba 3.6.23 has several other security issues. Upgrading to Samba 3.6.25 might be the better option. If you have not built Samba from source and do not want to try doing that now, you should try to find a pre-built Samba 3.6.25. No configuration changes should be necessary. Tom Schulz Applied Dynamics Intl. schulz at adi.com
Golden, Rick (DTMB)
2015-Mar-19 17:59 UTC
[Samba] Patch(es) and task list to resolve CVE-2015-0240 for version 3.6.23 on Solaris
Tom, Thank you for your quick response .. I have downloaded version 3.6.25 .. and looking into (reading) the instlall process. Tks rG -----Original Message----- From: Thomas Schulz [mailto:schulz at adi.com] Sent: Thursday, March 19, 2015 1:16 PM To: Golden, Rick (DTMB); samba at lists.samba.org Subject: [Samba] Patch(es) and task list to resolve CVE-2015-0240 for version 3.6.23 on Solaris> > Good morning. > > I am looking to resolve the above vulnerability on our T-4 Solaris boxes. I have not worked or patch Samba before and not sure of the process. > > When I find and apply the patch will it resolve the issue on the version that we are running or do I need to bring our current version more up to date? > > Any assistance would be greatly appreciated. > > Tks in advance. > rG > > Database AdministratorPatches are applied to the souece code and are only applicable if you have built your copy of samba from source. The available patch is ment to patch Samba 3.6.24 but in fact will work with 3.6.23. But, Samba 3.6.23 has several other security issues. Upgrading to Samba 3.6.25 might be the better option. If you have not built Samba from source and do not want to try doing that now, you should try to find a pre-built Samba 3.6.25. No configuration changes should be necessary. Tom Schulz Applied Dynamics Intl. schulz at adi.com