Slackware alert: Samba buffer overflow fixed

Posted by dave on Mar 15, 2003 1:55 PM EDT
Mailing list
Mail this story
Print this story

The samba packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running samba should upgrade.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Samba buffer overflow fixed

The samba packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running samba should upgrade.

Here are the details from the Slackware 8.1 ChangeLog: +--------------------------+ Sat Mar 15 13:49:04 PST 2003 patches/packages/samba-2.2.8-i386-1.tgz: Upgraded to Samba 2.2.8.

From the Samba web site:

* (14th Mar, 2003) Security Release - Samba 2.2.8

A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem and all sites should either upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139 and 445.

(* Security fix *) +--------------------------+

More information may be found in the Samba release notes.



WHERE TO FIND THE NEW PACKAGES: +-----------------------------+

Updated Samba package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2.2.8-i386-1.tgz

Updated Samba package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-2.2.8-i386-1.tgz



MD5 SIGNATURES: +-------------+

Here are the md5sums for the packages:

Slackware 8.1 package: be4bee0ed2c50e9313150843e41b09ad samba-2.2.8-i386-1.tgz

Slackware -current package: 940d26d3f74763524976a61f44637b22 samba-2.2.8-i386-1.tgz



INSTALLATION INSTRUCTIONS: +------------------------+

As root, upgrade the samba package(s) with upgradepkg:

upgradepkg samba-2.2.8-i386-1.tgz

Then, restart samba:

/etc/rc.d/rc.samba restart



+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+c6CcakRjwEAQIjMRAksxAJ4jbhqBtqRD2FqGIx5bVFg8isApwwCfSO2C VZ9TRhF307P8DfFZn6jo4f4= =V9F1 -----END PGP SIGNATURE-----

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.