[ SlackList ] [ WkikiSlack ]



Fw: [slackware-security] Samba security problem fixed

From: Paweł 'Cav' Kawery <Cav@onlinehome.de>
Date: Tue Apr 08 2003 - 14:05:46 CEST
[slacklist] Fw: [slackware-security] Samba security problem = fixed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Samba security problem = fixed

The samba packages in Slackware 8.1 and 9.0 have been = upgraded to
Samba 2.2.8a to fix a security problem.

All sites running samba should upgrade. 


Here are the details from the Slackware 9.0 = ChangeLog:
+--------------------------+
Mon Apr  7 14:26:53 PDT 2003
patches/packages/samba-2.2.8a-i386-1.tgz:  = Upgraded to samba-2.2.8a.
  From the samba-2.2.8a WHATSNEW.txt:

          &nbs= p; ****************************************
          &nbs= p; * IMPORTANT: Security bugfix for Samba *
          &nbs= p; ****************************************

  Digital Defense, Inc. has alerted the Samba = Team to a serious
  vulnerability in all stable versions of Samba =
  The Common Vulnerabilities and Exposures (CVE) = project has assigned
  the ID CAN-2003-0201 to this defect.

  This vulnerability, if exploited correctly, = leads to an anonymous
  user gaining root access on a Samba serving = system. All versions
  of Samba up to and including Samba 2.2.8 are =
  exploit of the bug has been reported in the = wild. Alpha versions of
  Samba 3.0 and above are *NOT* =

(* Security fix *)
+--------------------------+

More information may be found in the Samba 2.2.8a = release notes.



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated Samba package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackw= are-8.1/patches/packages/samba-2.2.8a-i386-1.tgz

Updated Samba package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackw= are-9.0/patches/packages/samba-2.2.8a-i386-1.tgz



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.1 package:
875ef129196f56d71c833911f3156cd5  = samba-2.2.8a-i386-1.tgz

Slackware 9.0 package:
d1d2b689b79a1a8dfc0ee34fd390e72c  = samba-2.2.8a-i386-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

As root, stop the samba server:

. /etc/rc.d/rc.samba stop

Next, upgrade the samba package(s) with = upgradepkg:

upgradepkg samba-2.2.8a-i386-1.tgz

Finally, start samba again:

. /etc/rc.d/rc.samba start



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+kfZlakRjwEAQIjMRAunYAJwO7tAYu+nT6eK3pl/QUFDRNJK5RACfb27W=
sky8+QhsZnx0/Jezsuk0EwY=
=BAYr
-----END PGP SIGNATURE-----

Received on Sat Feb 21 03:36:17 2004
This archive was generated by hypermail 2.1.8. Wyprawa Shackleton 2014