[Samba] Patched 3.0.24 tree for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447

Gerald (Jerry) Carter jerry at samba.org
Mon May 14 14:12:51 GMT 2007

Hash: SHA1


As a small means of community service, I've decided to provide
an unofficial patched version of 3.0.24 (tagged as 3.0.24-gc-1)
to address the CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
security advisories.

The bzr branch is hosted at

The source tarball is available from

The Fedora Core 6 RPMS have been uploaded to

This is it *not* an official release from samba.org and therefore
has been signed with my GPG private key (ID D83511F6).  The
security issues have been officially fixed in Samba 3.0.25
upgrade release.  However, if you don't want to make the jump
to 3.0.25 just yet, this 3.0.24 based snapshot might be just
for you.

cheers, jerry
- --
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian


The Samba 3.0.24-gc-X releases are not official samba.org releases.
They are cut from a privately maintained branch which can be found
at http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/
This is done as a service to community to include backported fixes
to the Samba 3.0.24 release in case people do not wish to upgrade.

The 3.0.24-gc-X tree is not an active development tree but rather
a stable release branch similar to the Linux kernel 2.6.xx.yy releases.
My hope is that this will be helpful to some people.

More information about Samba.org official production releases
may be found at http://www.samba.org/.

cheers, jerry
Gerald Carter
<jerry at samba.org>

Changes in 3.0.24-gc-1:
- -----------------------

* Merged patches for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
  (More information available at http://www.samba.org/samba/security/)
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list