news 28 Posted February 18, 2009 This is a multi-part message in MIME format... ------------=_1234986669-6173-965 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:042 http://www.mandriva.com/security/ _______________________________________________________________________ Package : samba Date : February 18, 2009 Affected: 2009.0 _______________________________________________________________________ Problem Description: Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name (CVE-2009-0022). This update provides samba 3.2.7 to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: f9672d52051da5b814933c2f764cf665 2009.0/i586/libnetapi0-3.2.7-0.1mdv2009.0.i586.rpm 8395587171c03b986d6c6debe32d421d 2009.0/i586/libnetapi-devel-3.2.7-0.1mdv2009.0.i586.rpm 419e8930d9a83af98db87db40b532159 2009.0/i586/libsmbclient0-3.2.7-0.1mdv2009.0.i586.rpm 79a9ddeaad8356546d77f40e5f8823b6 2009.0/i586/libsmbclient0-devel-3.2.7-0.1mdv2009.0.i586.rpm 674ed223557b5c9bf137782cf7a24d89 2009.0/i586/libsmbclient0-static-devel-3.2.7-0.1mdv2009.0.i586.rpm fca38c8651f2dfc79314d4184f9bbfa0 2009.0/i586/libsmbsharemodes0-3.2.7-0.1mdv2009.0.i586.rpm a863211596f28dc756d79896f4e9e161 2009.0/i586/libsmbsharemodes-devel-3.2.7-0.1mdv2009.0.i586.rpm f307514ed1e44e777cc852f0314b6159 2009.0/i586/libtalloc1-3.2.7-0.1mdv2009.0.i586.rpm 642ff276c29471425bff0536aeb9bfdf 2009.0/i586/libtalloc-devel-3.2.7-0.1mdv2009.0.i586.rpm 915958f5aefa05cbcf7e9932351aaec5 2009.0/i586/libtdb1-3.2.7-0.1mdv2009.0.i586.rpm 5b0826d63a36305f2eb55cd73bce0fb0 2009.0/i586/libtdb-devel-3.2.7-0.1mdv2009.0.i586.rpm 630fdfaf7ed4bb735f904c655fd7229a 2009.0/i586/libwbclient0-3.2.7-0.1mdv2009.0.i586.rpm 625d0733d9862bee6491695001b3f495 2009.0/i586/libwbclient-devel-3.2.7-0.1mdv2009.0.i586.rpm 24b1dedd7adc4a4b8f41f4049c521190 2009.0/i586/mount-cifs-3.2.7-0.1mdv2009.0.i586.rpm 786b41af61e1231261d8a691e051e6e8 2009.0/i586/nss_wins-3.2.7-0.1mdv2009.0.i586.rpm 3e7c63f3a2252d8222054a77fe51eb0b 2009.0/i586/samba-client-3.2.7-0.1mdv2009.0.i586.rpm 0243aebbb4d47aa1fab3e8498f2bc0ed 2009.0/i586/samba-common-3.2.7-0.1mdv2009.0.i586.rpm 5fb67d67607d4e70c2395917f57143a7 2009.0/i586/samba-doc-3.2.7-0.1mdv2009.0.i586.rpm d7231c511a3a3e99d9c611a1942e112d 2009.0/i586/samba-server-3.2.7-0.1mdv2009.0.i586.rpm 196ed3589e5cbb63de16098ee947ce78 2009.0/i586/samba-swat-3.2.7-0.1mdv2009.0.i586.rpm bef4656a6f1d3e1e303a82ce5a5736e8 2009.0/i586/samba-winbind-3.2.7-0.1mdv2009.0.i586.rpm 20b63670ed98d96b046929b19d03b17a 2009.0/SRPMS/samba-3.2.7-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 8543b1c900940717ce87593bcd894ddd 2009.0/x86_64/lib64netapi0-3.2.7-0.1mdv2009.0.x86_64.rpm f8a4585909a44f037d90f3f40f5408a7 2009.0/x86_64/lib64netapi-devel-3.2.7-0.1mdv2009.0.x86_64.rpm 5e8baaab26d9b709d4b04f7bde88e9a8 2009.0/x86_64/lib64smbclient0-3.2.7-0.1mdv2009.0.x86_64.rpm 797b7746caa92c8ea28a3e1fa218659a 2009.0/x86_64/lib64smbclient0-devel-3.2.7-0.1mdv2009.0.x86_64.rpm b1ec784b83915df65a7f1d6c06ce46c3 2009.0/x86_64/lib64smbclient0-static-devel-3.2.7-0.1mdv2009.0.x86_64.rpm b4cbff234e2ce3098b79887097ec1f98 2009.0/x86_64/lib64smbsharemodes0-3.2.7-0.1mdv2009.0.x86_64.rpm 26cd1508a8d960e01b1476d64e9a073c 2009.0/x86_64/lib64smbsharemodes-devel-3.2.7-0.1mdv2009.0.x86_64.rpm c4ce64515ad474fcfc4a33ba78e8bc25 2009.0/x86_64/lib64talloc1-3.2.7-0.1mdv2009.0.x86_64.rpm eff77f2eeff1b0f715da1cd6b9885122 2009.0/x86_64/lib64talloc-devel-3.2.7-0.1mdv2009.0.x86_64.rpm 85c16b38fa72a572ff1c09d1de454fb4 2009.0/x86_64/lib64tdb1-3.2.7-0.1mdv2009.0.x86_64.rpm 937d1d412b06fe68e8bd6175c5dbb967 2009.0/x86_64/lib64tdb-devel-3.2.7-0.1mdv2009.0.x86_64.rpm 85fd89501e053f3cd34ec78fbe140803 2009.0/x86_64/lib64wbclient0-3.2.7-0.1mdv2009.0.x86_64.rpm 9d2f55f2a15164e6188b967f99632572 2009.0/x86_64/lib64wbclient-devel-3.2.7-0.1mdv2009.0.x86_64.rpm f90927126796e521d371749467dc115d 2009.0/x86_64/mount-cifs-3.2.7-0.1mdv2009.0.x86_64.rpm e51ea5546011dee07fc7f1d1dbbdf04f 2009.0/x86_64/nss_wins-3.2.7-0.1mdv2009.0.x86_64.rpm 40f9be5aafb9a4e7562479fc54414825 2009.0/x86_64/samba-client-3.2.7-0.1mdv2009.0.x86_64.rpm 22a9db213304d56ba1837a9686694478 2009.0/x86_64/samba-common-3.2.7-0.1mdv2009.0.x86_64.rpm d24f54f23ddf196170c2fe8e149e853f 2009.0/x86_64/samba-doc-3.2.7-0.1mdv2009.0.x86_64.rpm b3e8420a896d9defaebc749abceb5eb2 2009.0/x86_64/samba-server-3.2.7-0.1mdv2009.0.x86_64.rpm 138562ffad186da5c639241c4d7971e5 2009.0/x86_64/samba-swat-3.2.7-0.1mdv2009.0.x86_64.rpm cff49e288971a75d4e2b5c812ed36a53 2009.0/x86_64/samba-winbind-3.2.7-0.1mdv2009.0.x86_64.rpm 20b63670ed98d96b046929b19d03b17a 2009.0/SRPMS/samba-3.2.7-0.1mdv2009.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJnDspmqjQ0CJFipgRAoziAJ95i+DU7idd4Z7cHdggnQiYhWWVkACggd3b 9QVCycWgndaXOr0nP7P/8bo= =tWVM -----END PGP SIGNATURE----- ------------=_1234986669-6173-965 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________ ------------=_1234986669-6173-965-- Share this post Link to post