[SCM] Samba Website Repository - branch master updated
Lars Müller
lmuelle at samba.org
Wed Mar 27 09:16:43 MDT 2013
The branch, master has been updated
via 73cdbcd Add CVE-2013-0454 page
from 91d4fb8 Update latest stable release.
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 73cdbcdc0605cd76e4f9a3846f68eb3bf65a0aab
Author: Lars Müller <lars at samba.org>
Date: Wed Mar 27 16:16:30 2013 +0100
Add CVE-2013-0454 page
-----------------------------------------------------------------------
Summary of changes:
security/CVE-2013-0454.html | 42 ++++++++++++++++++++++++++++++++++++++++++
1 files changed, 42 insertions(+), 0 deletions(-)
create mode 100644 security/CVE-2013-0454.html
Changeset truncated at 500 lines:
diff --git a/security/CVE-2013-0454.html b/security/CVE-2013-0454.html
new file mode 100644
index 0000000..6137b10
--- /dev/null
+++ b/security/CVE-2013-0454.html
@@ -0,0 +1,42 @@
+===========================================================
+== Subject: A writable configured share might get read only
+==
+== CVE ID#: CVE-2013-0454
+==
+== Versions: Samba 3.6.0 - 3.6.5 (inclusive)
+==
+== Summary: A share configuration 'read only = no' might result
+== in 'read only = yes'
+==
+===========================================================
+
+===========
+Description
+===========
+
+Due to a assignment vs equality bug a share reference might get
+overwritten. This can lead to 'read only = no' from another share to
+leak into a 'read only = yes' share for a subsequent connections. This
+is a re-evaluation of an already fixed bug.
+
+==========
+Workaround
+==========
+
+Update to 3.6.6 or apply
+http://git.samba.org/?p=samba.git;a=commit;h=15a423bf373a8116a0de7a627eaaea3932541e88
+
+==================
+Patch Availability
+==================
+
+See above.
+
+=======
+Credits
+=======
+
+The release of this information was driven by Ulf Troppens of IBM
+February, 19th 2013.
+
+The required patch got written by Michael Adam 1st of February 2013.
--
Samba Website Repository
More information about the samba-cvs
mailing list