-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Samba security problem = fixed
The samba packages in Slackware 8.1 and 9.0 have been =
upgraded to
Samba 2.2.8a to fix a security problem.
All sites running samba should upgrade.
Here are the details from the Slackware 9.0 =
ChangeLog:
+--------------------------+
Mon Apr 7 14:26:53 PDT 2003
patches/packages/samba-2.2.8a-i386-1.tgz: =
Upgraded to samba-2.2.8a.
From the samba-2.2.8a WHATSNEW.txt:
&nbs=
p; ****************************************
&nbs=
p; * IMPORTANT: Security bugfix for Samba *
&nbs=
p; ****************************************
Digital Defense, Inc. has alerted the Samba =
Team to a serious
vulnerability in all stable versions of Samba =
The Common Vulnerabilities and Exposures (CVE) =
project has assigned
the ID CAN-2003-0201 to this defect.
This vulnerability, if exploited correctly, =
leads to an anonymous
user gaining root access on a Samba serving =
system. All versions
of Samba up to and including Samba 2.2.8 are =
exploit of the bug has been reported in the =
wild. Alpha versions of
Samba 3.0 and above are *NOT* =
(* Security fix *)
+--------------------------+
More information may be found in the Samba 2.2.8a = release notes.
WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated Samba package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackw=
are-8.1/patches/packages/samba-2.2.8a-i386-1.tgz
Updated Samba package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackw=
are-9.0/patches/packages/samba-2.2.8a-i386-1.tgz
MD5 SIGNATURES:
+-------------+
Here are the md5sums for the packages:
Slackware 8.1 package:
875ef129196f56d71c833911f3156cd5 =
samba-2.2.8a-i386-1.tgz
Slackware 9.0 package:
d1d2b689b79a1a8dfc0ee34fd390e72c =
samba-2.2.8a-i386-1.tgz
INSTALLATION INSTRUCTIONS:
+------------------------+
As root, stop the samba server:
. /etc/rc.d/rc.samba stop
Next, upgrade the samba package(s) with = upgradepkg:
upgradepkg samba-2.2.8a-i386-1.tgz
Finally, start samba again:
. /etc/rc.d/rc.samba start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+kfZlakRjwEAQIjMRAunYAJwO7tAYu+nT6eK3pl/QUFDRNJK5RACfb27W=
sky8+QhsZnx0/Jezsuk0EwY=
=BAYr
-----END PGP SIGNATURE-----