[Announce] Samba 3.0.35 Security Release Available for Download

Alexander forsmbg at googlemail.com
Fri Jun 26 05:37:23 MDT 2009


On Tue, Jun 23, 2009 at 6:41 PM, Karolin Seeger <kseeger at samba.org> wrote:

> Release Announcements
> =====================
>
> This is a security release in order to address CVE-2009-1888.
>
>   o CVE-2009-1888:
>     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
>     data value can potentially affect access control when "dos filemode"
>     is set to "yes".
>

Hello Samba team,

Just wanted to clarify - do I understand correctly that pre-3.0.31
versions are not affected by this?
I believe so, and checking the source for that function in older releases
(I looked at 3.0.20, 3.0.28 and 3.0.30) shows no "sbuf" structure allocation,
which appeared in 3.0.31 and is now initialized properly by a patch, but
could you please confirm that?

(Looks like my first message to samba-technical at lists.samba.org didn't get
through; apologies if this is a double post.)

regards,
Alexander

