[Samba] CVE-2017-7494 patches

[Chunduru, Krishnachaithanya]

Hi Rowland,

Thanks for the update.

The setup we have is unaltered from long time. Now we are asked to install the patch for CVE-2017-7494, since we are not running the affected version its fine for now.

But can you please let me know what are vulnerabilities in 3.0.28 and any patches available for it. I will try to update it to the latest version on our dev servers first.

Moreover we have the below version running, not sure if we still have the latest version available from the pware.

pware.samba-3.0.28.rte    3.0.28.0  COMMITTED  Samba 3.0.28



Regards,
Krishna


-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: Tuesday, June 06, 2017 7:42 PM
To: samba at lists.samba.org
Subject: Re: [Samba] CVE-2017-7494 patches

On Tue, 6 Jun 2017 19:15:18 +0530
"Chunduru, Krishnachaithanya via samba" <samba at lists.samba.org<mailto:samba at lists.samba.org>> wrote:

> Hi All,
>
> Can someone please confirm if Samba 3.0.28 is vulnerable to
> CVE-2017-7494. If yes, please let me know where I can get the patches
> for this.
>

I can confirm two things here:

1) only Samba from 3.5.0 was vulnerable
2) you really shouldn't be still using 3.0.28, the 3.0 series went EOL
8 years ago.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.