[Samba] Security problem with Samba on Linux: situation for Debian
Jeremy Allison
jra at samba.org
Wed Mar 10 15:55:53 MST 2010
On Wed, Mar 10, 2010 at 07:07:27AM +0100, Christian PERRIER wrote:
> Quoting Jeremy Allison (jra at samba.org):
> > Security problem with Samba on Linux
> > ------------------------------------
> >
> > In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code
> > was added to fix a problem with Linux asynchronous IO handling.
>
> Situation for Debian:
>
> - Debian stable isn't affected by this issue (we have 3.2.5+patches there)
> - Official backports from www.backports.org aren't affected too (we
> have 3.4.5)
> - Debian unstable has 3.4.7 since yesterday, a few hours after the
> official annoucement. As it had 3.4.6 earlier, users of
> Debian unstable *are strongly advised to "apt-get upgrade"*
> - Debian experimental has 3.5.1 since about the same time. Users who
> follow samba in experimental to have 3.5 should also upgrade
>
> The most important info:
> ------------------------
>
> - Debian testing (squeeze) *is* affected as of now. By a very very
> infortunate sequence of events, yesterday was the day where 3.4.6
> packages that were in unstable aged enough to enter testing.
> And they did. Before I could notice (I happen to do paid work
> during the day..:-))
>
> So, users of Debian testing should either avoid upgrading today if
> they still have 3.4.5 packages or upgrade their systems ASAP
> with the packages uploaded yesterday in unstable (you need to do
> this manually) if they already upgraded to 3.4.6
>
> 3.4.7 packages were bumped to "high" urgency, which means they will
> enter testing by Thursday March 11th (I'm unsure about the exact
> time).
>
>
> I don't think that Ubuntu is affected by all this, even the soon to
> come Lucid....but this is unverified information.
Thanks for all the information on the Debian situation.
I fixed "make test" yesterday so it can run as root and
will detect and fail the test if smbd has the DAC_OVERRIDE
problem, so we should be safe from any possible regressions
in future.
Thanks,
Jeremy.
More information about the samba
mailing list