On Wed, Mar 10, 2010 at 07:07:27AM +0100, Christian PERRIER wrote:
> Quoting Jeremy Allison ([email protected]):
> > Security problem with Samba on Linux
> > ------------------------------------
> >
> > In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code
> > was added to fix a problem with Linux asynchronous IO handling.
>
> Situation for Debian:
>
> - Debian stable isn't affected by this issue (we have 3.2.5+patches there)
> - Official backports from www.backports.org aren't affected either (we
>   have 3.4.5)
> - Debian unstable has 3.4.7 since yesterday, a few hours after the
>   official announcement. As it had 3.4.6 earlier, users of
>   Debian unstable *are strongly advised to "apt-get upgrade"*
> - Debian experimental has 3.5.1 since about the same time. Users who
>   follow samba in experimental to have 3.5 should also upgrade
>
> The most important info:
> ------------------------
>
> - Debian testing (squeeze) *is* affected as of now. By a very very
>   unfortunate sequence of events, yesterday was the day where 3.4.6
>   packages that were in unstable aged enough to enter testing.
>   And they did. Before I could notice (I happen to do paid work
>   during the day..:-))
>
> So, users of Debian testing should either avoid upgrading today if
> they still have 3.4.5 packages or upgrade their systems ASAP
> with the packages uploaded yesterday in unstable (you need to do
> this manually) if they already upgraded to 3.4.6
>
> 3.4.7 packages were bumped to "high" urgency, which means they will
> enter testing by Thursday March 11th (I'm unsure about the exact
> time).
>
>
> I don't think that Ubuntu is affected by all this, even the soon to
> come Lucid....but this is unverified information.

Thanks for all the information on the Debian situation. I fixed
"make test" yesterday so it can run as root and will detect and fail
the test if smbd has the DAC_OVERRIDE problem, so we should be safe
from any possible regressions in future.

Thanks,

Jeremy.
