[ANNOUNCE] Samba 3.2.3 Security Release Available for Download
Karolin Seeger
kseeger at samba.org
Wed Aug 27 15:41:04 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===============================================================
"Between too early and too late, there is never
more than a moment."
Franz Werfel
===============================================================
Release Announcements
=====================
This is a security release in order to address CVE-2008-3789 ("Wrong
permissions of group_mapping.ldb").
o CVE-2008-3789
The file group_mapping.ldb is created with
the permissions 0666. That means everyone
is able to edit this file and might map any
SID to root.
The original security announcement for this and past advisories can
be found http://www.samba.org/samba/security/
######################################################################
Changes
#######
Changes since 3.2.2
- -------------------
o Andrew Tridgell <tridge at samba.org>
* Fix for CVE-2008-3789.
================
Download Details
================
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.2.3.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFItXCAKGi9fisXk1ERAiUBAJ41KmNwYje8K74O1Oq3J+BXqpytKACfal/U
7aMfXdyShis+8qt1e1abELY=
=xFa1
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list