Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[slackware-security] samba (SSA:2009-005-01)

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

[slackware-security] samba (SSA:2009-005-01)

 

New samba packages are available for Slackware 12.2 and -current to fix a

security issue.

 

More details about this issue may be found in the Common

Vulnerabilities and Exposures (CVE) database:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022

 

 

Here are the details from the Slackware 12.2 ChangeLog:

+--------------------------+

patches/packages/samba-3.2.7-i486-1_slack12.2.tgz:

Upgraded to samba-3.2.7.

This fixes a security issue. From the WHATSNEW.txt file:

"This is a security release in order to address CVE-2009-0022.

o CVE-2009-0022

In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,

access to the root filesystem ("/") is granted

when connecting to a share called "" (empty string)

using old versions of smbclient (before 3.0.28).

The original security announcement for this and past advisories can

be found http://www.samba.org/samba/security/"

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022

(* Security fix *)

+--------------------------+

 

 

Where to find the new packages:

+-----------------------------+

 

HINT: Getting slow download speeds from ftp.slackware.com?

Give slackware.osuosl.org a try. This is another primary FTP site

for Slackware that can be considerably faster than downloading

directly from ftp.slackware.com.

 

Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating additional FTP and rsync hosting

to the Slackware project! :-)

 

Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.

 

Updated package for Slackware 12.2:

ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/samba-3.2.7-i486-1_slack12.2.tgz

 

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.2.7-i486-1.tgz

 

 

MD5 signatures:

+-------------+

 

Slackware 12.2 package:

84369b496d7b0cfacb7c8548b0183630 samba-3.2.7-i486-1_slack12.2.tgz

 

Slackware -current package:

3de9646804a53a6cf9df44df2e68ce13 samba-3.2.7-i486-1.tgz

 

 

Installation instructions:

+------------------------+

 

Upgrade the package as root:

# upgradepkg samba-3.2.7-i486-1_slack12.2.tgz

 

Then, restart the Samba server if the machine uses it:

 

# /etc/rc.d/rc.samba restart

 

 

+-----+

 

Slackware Linux Security Team

http://slackware.com/gpg-key

security ( -at -) slackware.com

 

+------------------------------------------------------------------------+

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×