Claimed Zero Day exploit in Samba.
Michael Gilbert
michael.s.gilbert at gmail.com
Sun Feb 7 10:35:23 MST 2010
On Sun, 7 Feb 2010 07:57:35 +0100 Christian PERRIER wrote:
> Quoting Jeremy Allison (jra at samba.org):
>
> > The patch is already in master to make "wide links" and "unix extensions"
> > mutually exclusive and wide links off by default, and once reviewed will
> > go into all active branches.
> >
> > We're not planning to do a specific security release though, as
> > changing the config is enough to protect against this.
>
>
> Is there a chance that the patch applies to 3.2 series? We might
> consider using it in Debian lenny.
i've already backported the patche and built updated stable/oldstable
packages [0], and i am waiting for the security team to accept them [1].
best wishes,
mike
[0] http://alioth.debian.org/~gilbert-guest/samba
[1] http://lists.alioth.debian.org/pipermail/secure-testing-team/2010-February/003748.html
More information about the samba-technical
mailing list