[Announce] Samba 3.0.35 Security Release Available for Download
forsmbg at googlemail.com
Fri Jun 26 01:50:40 MDT 2009
On Tue, Jun 23, 2009 at 6:41 PM, Karolin Seeger <kseeger at samba.org> wrote:
> Release Announcements
> This is a security release in order to address CVE-2009-1888.
> o CVE-2009-1888:
> In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
> data value can potentially affect access control when "dos filemode"
> is set to "yes".
Hello Samba team,
Just wanted to clarify - do I understand it correctly that pre-3.0.31
versions are not affected by this?
I believe yes and checking the source for that function in older releases
(looked at 3.0.20, 3.0.28 and 3.0.30) shows no "sbuf" structure allocation
that appeared in 3.0.31 and is initialized properly with a patch now, but
could you please confirm that?
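
An added example, not part of the original message or of Samba's code: a check for the two conditions the quoted advisory names, a version inside the 3.0.31 to 3.3.5 range and an effective "dos filemode = yes" in smb.conf. The sample configuration and function names are constructed, and counting "on" as a true value is an assumption.

```python
import re

# Range from the quoted advisory (inclusive); 3.0.35 is the fixed release
# named in the subject line. Fixed releases of other branches are not named
# on this page, so they would still be reported here.
AFFECTED_MIN, AFFECTED_MAX, FIXED = (3, 0, 31), (3, 3, 5), {(3, 0, 35)}
TRUE_VALUES = {"yes", "true", "1", "on"}  # assumption: "on" counted as enabled

SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   dos filemode = no
[projects]
   ; constructed sample share
   DOS FileMode = Yes
[public]
   path = /srv/public
"""


def version_in_advisory_range(version):
    """True if an 'x.y.z' version is inside the advisory's range and not 3.0.35."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    v = tuple(int(p) for p in m.groups())
    return AFFECTED_MIN <= v <= AFFECTED_MAX and v not in FIXED


def sections_with_dos_filemode(conf_text):
    """Sections whose effective 'dos filemode' is enabled ([global] is the default)."""
    settings, section = {}, "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            settings.setdefault(section, None)
            continue
        name, sep, value = line.partition("=")
        # smb.conf parameter names ignore case and embedded whitespace.
        if sep and "".join(name.split()).lower() == "dosfilemode":
            settings[section] = value.strip().lower() in TRUE_VALUES
    default = bool(settings.get("global"))
    return sorted(s for s, v in settings.items() if (default if v is None else v))


if __name__ == "__main__":
    print(version_in_advisory_range("3.0.30"), sections_with_dos_filemode(SAMPLE_CONF))
```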