[Samba] CVE-2012-1182 patches

Matthieu Patou mat at samba.org
Sat Apr 28 15:29:14 MDT 2012

On 04/16/2012 05:45 PM, Earl J Sanchez wrote:
> Hi,
> We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at
> the samba site for patches for the CVE-2012-1182 vulnerability, but the
> closest patch versions I see  are for samba 3.4.15&  3.4.16.
> Is there a specific patch to fix samba 3.4.2?
> Also, since we are patching, is there a cluster of patches available
> specifically for samba 3.4.2?
No we produce patches always for the latest version in a given branch 
(3.4, 3.5, 3.6, ...), if the samba that you are using is the one that 
was packaged by Sun and if you are still under support by Oracle then 
ask them for an update. If you build your own samba then you have two 

* try to backport the patches between 3.4.14 and 3.4.15 as they all are 
related to the security fix
* upgrade to 3.4.15

The backport should work pretty easily as it's related to generated code 
and shouldn't be much impacted by the fixes made between 3.4.2 and 3.4.14.
Upgrade to 3.4.15 should be doable too as we just push minor fix between 
version in the same branch.


Matthieu Patou
Samba Team

More information about the samba mailing list