[Samba] [Announce] Samba 3.2.13 Security Release Available for
Download
Karolin Seeger
kseeger at samba.org
Tue Jun 23 14:42:28 GMT 2009
Release Announcements
=====================
This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.
o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made
to execute code triggered by the server.
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
value can potentially affect access control when "dos filemode"
is set to "yes".
######################################################################
Changes
#######
Changes since 3.2.12
--------------------
o Jeremy Allison <jra at samba.org>
* Fix for CVE-2009-1886.
* Fix for CVE-2009-1888.
================
Download Details
================
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.2.13.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20090623/7cf95aa9/attachment.bin
More information about the samba
mailing list