On Sat Mar 15, 2003 at 06:58:35PM -0800, Quel Qun wrote:

> > > Please don't let this go as is, hope there is still time:
> > >
> > > (14th Mar, 2003) Security Release - Samba 2.2.8
> > >
> > > A flaw has been detected in the Samba main smbd code which could allow
> > > an external attacker to remotely and anonymously gain Super User (root)
> > > privileges on a server running a Samba server. This flaw exists in
> > > previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a
> > > serious problem and all sites should either upgrade to Samba 2.2.8
> > > immediately or prohibit access to TCP ports 139 and 445. The Release
> > > Notes are available on-line.
> > >
> > > In addition to addressing this security issue, Samba 2.2.8 includes many
> > > unrelated improvements. These improvements result from our process of
> > > continuous quality assurance and code review, and are part of the Samba
> > > team's commitment to excellence.
> > >
> > >
> > >   Mircea C.
> > 
> > It's already been taken care of. The current one for Mandrake 9.1 should have
> > been patched for this already.
> Can't find anything in the changelog, though.

And you won't.  Not until you get the 9.1 ISOs or until it is updated in
cooker.  I built packages for this earlier this week and they are in the 9.1
master ISOs but because it was, at the time, non-public, it did not make it
in cooker.

In other words, right now, cooker is vulnerable.  MDKSA-2003:032 outlines
some precautions to take until you can get a patched version (or grab the
9.0 updates and rebuild it).  9.1 fresh installs will not have to worry.

I suspect Sylvestre will build 2.2.8 for cooker when it's unfrozen or
possibly sooner.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}
