CVE-2010-0728 and SUSE based products (was: Security problem with Samba on Linux - affects 3.5.0, 3.4.6 and 3.3.11)

Lars Müller lmuelle at suse.de
Fri Mar 12 11:40:45 MST 2010


On Mon, Mar 08, 2010 at 02:08:27PM -0800, Jeremy Allison wrote:
> Security problem with Samba on Linux
> ------------------------------------
> 
> In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code
> was added to fix a problem with Linux asynchronous IO handling.

As the SUSE Samba binaries are not linked against libcap, we are not
affected in any shipping products.  Therefore no action is required from
SUSE users.

Nevertheless https://bugzilla.samba.org/show_bug.cgi?id=7222
CVE-2010-0728 and https://bugzilla.novell.com/show_bug.cgi?id=586683 are
noted in the package change log as reference to this security issue.

3.5.1 got already merged into the current openSUSE development tree
(Factory).

Binaries of current Samba version are available from the openSUSE Build
Service by the network:samba:STABLE repository.  More information about
this service, Samba and SUSE is available from
http://en.openSUSE.org/Samba

Lars
-- 
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100312/adf8643c/attachment.pgp>


More information about the samba-technical mailing list