[Samba] patch or upgrade for vulnerability

Gerald (Jerry) Carter jerry at samba.org
Thu Jun 5 16:01:41 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Moss, Patricia wrote:
> I am trying to do some research on two Samba Vulnerabilities; Samba
> MS-RPC Request Parsing Heap Buffer Overflows (CVE-2007-2446) and Samba
> Remote Command Injection Vulnerability (CVE-2007-2447). In reading the
> documentation for these vulnerabilities, it appears that the available
> patches, to fix the problems, are for version 3.0.24.  I am currently
> running version 3.0.21, on Solaris 10. Does that mean that the
> vulnerability does not relate to my version?  If not, is there somewhere
> that I can download the patch for version 3.0.21?  If not, and the only
> way to resolve the vulnerability is to upgrade, are there upgrade
> documents somewhere?  I have installation, but not upgrade
> documentation.  Thanks

All of the security announcements indicate the versions which
are impacted.  Generally we provide patches for the current release
(at the time) and rely upon vendors to backport to their
versions.

cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFISA3lIR7qMdg1EfYRAl4eAJ9S+c+VEXut3VJpsFhbIgEYNZQ8WwCfazUi
mgm5M/SYqjO2cLqP9n04U9U=
=e2JA
-----END PGP SIGNATURE-----

