Claimed Zero Day exploit in Samba.
jra at samba.org
Sat Feb 6 18:37:19 MST 2010
On Sat, Feb 06, 2010 at 07:44:18PM +0200, Eren Türkay wrote:
> I'm sure Samba team is working on it. However, I don't know how Samba
> developers are treating this issue. In my humble opinion, this issue deserves
> high priority.
> I would be happy if I can learn when Samba team will respond to this issue
> with a patch. Although setting proper configuration solves the issue, applying
> proper fix without breaking anything would be appreciative.
The patch is already in master to make "wide links" and "unix extensions"
mutually exclusive and wide links off by default, and once reviewed will
go into all active branches.
We're not planning to do a specific security release though, as
changing the config is enough to protect against this.
More information about the samba-technical