This message is from Slackware, but it applies to all Linux and Linux/390 distributions. Either upgrade on your own, or be looking for a new package from your Linux distributor.
Mark Post -----Original Message----- From: Slackware Security Team [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 21, 2002 12:41 AM To: [EMAIL PROTECTED] Subject: [slackware-security] New Samba package available New Samba packages are available for Slackware 8.1 and -current to fix a security problem and provide other bugfixes and improvements. Here are the details from the Slackware 8.1 ChangeLog: ---------------------------- Wed Nov 20 16:51:23 PST 2002 patches/packages/samba-2.2.7-i386-1.tgz: Upgraded to samba-2.2.7. Some details (based on the WHATSNEW.txt file included in samba-2.2.7): This fixes a security hole discovered in versions 2.2.2 through 2.2.6 of Samba that could potentially allow an attacker to gain root access on the target machine. The word "potentially" is used because there is no known exploit of this bug, and the Samba Team has not been able to craft one ourselves. However, the seriousness of the problem warrants this immediate 2.2.7 release. There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attack would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. Thanks to Steve Langasek <[EMAIL PROTECTED]> and Eloy Paris <[EMAIL PROTECTED]> for bringing this vulnerability to our notice. (* Security fix *) ---------------------------- WHERE TO FIND THE NEW PACKAGES: ------------------------------- Updated Samba package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2 .2.7-i386-1.tgz Updated Samba package for Slackware-current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-2. 2.7-i386-1.tgz MD5 SIGNATURES: --------------- Here are the md5sums for the packages: Slackware 8.1: 835f2069561251cf9649b1f60ebc21f0 samba-2.2.7-i386-1.tgz Slackware-current: 18eff1898b289735c51895e628797733 samba-2.2.7-i386-1.tgz +------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to [EMAIL PROTECTED] with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+
