[Samba] CVE-2012-1182 patches

Matthieu Patou mat at samba.org
Sat Apr 28 15:29:14 MDT 2012


On 04/16/2012 05:45 PM, Earl J Sanchez wrote:
> Hi,
>
> We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at
> the samba site for patches for the CVE-2012-1182 vulnerability, but the
> closest patch versions I see are for samba 3.4.15 & 3.4.16.
> Is there a specific patch to fix samba 3.4.2?
>
> Also, since we are patching, is there a cluster of patches available
> specifically for samba 3.4.2?
No, we always produce patches for the latest version in a given branch 
(3.4, 3.5, 3.6, ...). If the samba that you are using is the one that 
was packaged by Sun and if you are still under support by Oracle, then 
ask them for an update. If you build your own samba then you have two 
options:

* try to backport the patches between 3.4.14 and 3.4.15, as they are all 
related to the security fix
* upgrade to 3.4.15

The backport should work pretty easily as it's related to generated code 
and shouldn't be much impacted by the fixes made between 3.4.2 and 3.4.14.
Upgrading to 3.4.15 should be doable too, as we just push minor fixes 
between versions in the same branch.

Matthieu.


-- 
Matthieu Patou
Samba Team
http://samba.org


