Microsoft hotfix MS04-011, breaks Samba password change.

Jeremy Allison jra at samba.org
Tue May 4 16:31:07 GMT 2004


Hi all,

	I wanted to give an update on this as I know this MS Hotfix
is critical and must be applied to protect against the (latest) Microsoft
worm.

I think I've found the problem in the code, and am currently testing
a fix for this (not in the release to others to test stage yet). As
soon as I'm reasonably confident I'll put a patch out there for others
to test, and we'll probably do a new stable release to ensure this is
fixed in the current codebase.

Once we know how complex the fix is I'll look at adding it into the
2.2.x codebase and maybe releasing a 2.2.9 for all the people who are
satisfied with Samba 2.2.8a and don't want to move to 3.0.x yet.

I'm also very unhappy with Microsoft for releasing improperly tested
hotfixes, but that's another story I'll probably be taking up with
the Technical Comittee overseeing the DoJ Microsoft settlement and
the EU as well.

Cheers,

	Jeremy.


More information about the samba-technical mailing list