Hi, Sorry, but I have the following doubt: Is need apply the CVE-2017-7494 (Remote code execution from a writable share) patch or this patch already was included in Debian repository, this way I need only to execute apt-get upgrade? In the case that I need to apply manually, how do I do it ? I'm using Samba 4.6.3 on Debian 8. Regards, Márcio Bacci
On Wed, 2017-06-28 at 21:51 -0300, Marcio Demetrio Bacci via samba wrote:> Hi, > > Sorry, but I have the following doubt: > > Is need apply the CVE-2017-7494 (Remote code execution from a writable > share) patch or this patch already was included in Debian repository, this > way I need only to execute apt-get upgrade? > > In the case that I need to apply manually, how do I do it ? > > I'm using Samba 4.6.3 on Debian 8.This isn't a version I can find having been packaged by the Debian packaging team, so I suggest you speak to whoever has provided your packages. (So far Samba 4.6 is only in Debian Testing and unstable, not any stable release). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Hi, By the way is there a document that explains the process of applying the patch. We are using samba 4.6.3 compiled using source. -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 29/06/17 6:37 AM, Andrew Bartlett via samba wrote:> On Wed, 2017-06-28 at 21:51 -0300, Marcio Demetrio Bacci via samba > wrote: >> Hi, >> >> Sorry, but I have the following doubt: >> >> Is need apply the CVE-2017-7494 (Remote code execution from a writable >> share) patch or this patch already was included in Debian repository, this >> way I need only to execute apt-get upgrade? >> >> In the case that I need to apply manually, how do I do it ? >> >> I'm using Samba 4.6.3 on Debian 8. > This isn't a version I can find having been packaged by the Debian > packaging team, so I suggest you speak to whoever has provided your > packages. > > (So far Samba 4.6 is only in Debian Testing and unstable, not any > stable release). > > Andrew Bartlett >
On Wed, 28 Jun 2017 21:51:54 -0300 Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:> Hi, > > Sorry, but I have the following doubt: > > Is need apply the CVE-2017-7494 (Remote code execution from a writable > share) patch or this patch already was included in Debian repository, > this way I need only to execute apt-get upgrade? > > In the case that I need to apply manually, how do I do it ? > > I'm using Samba 4.6.3 on Debian 8. > > Regards, > > Márcio BacciWhere did you get the 4.6.3 packages from ? Rowland