[Samba] New version Samba matrix

Jonathan Buzzard jonathan at buzzard.me.uk
Fri Jan 4 05:33:02 MST 2013

On 26/12/12 15:18, Novosielski, Ryan wrote:
> RHEL 3 I believe reached end of support (by RedHat, not Samba) in
> 2010. I believe RHEL 4 has since reached end of support as well. So
> unless the client is paying for RedHat extended life-cycle service or
> is off the network (unlikely he wants to interface with Samba), he
> should be off of that platform ASAP because he's no longer receiving
> any security patches.

It's worse than that. If I am not mistaken his RHEL3 box has a remote 
root vulnerability curtsey of the Samba PIDL security hole from April 
last year. Even the extended life-cycle service won't help because it 
has a restricted list of services you can run which does not include Samba.

If there is genuinely an Oracle application that cannot be run in 
anything later than RHEL3, then it needs to be run in a VM of some 
description running nothing else apart from this and firewalled as 
tightly as possible.

Anything else including the Samba stuff should be running in separate 
VM's or different hardware. Running either RHEL4 or RHEL3 based 
distributions for services other than is absolutely necessary is crazy 
stupid; and IMHO a sacking offence.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

More information about the samba mailing list