One security update and three updated packages plus one package on testing has been released today. The security update is Samba and the three updated packages are sendmail (and sendmail-cf), and MPlayer, and the last package under /testing directory is Mesa, which is now upgraded to 7.4.4. Hopefully this updated package will fix many problem users encountering while using older version.
Here's the latest -Current changelog:
Fri Jun 26 22:06:58 CDT 2009
n/samba-3.2.13-i486-1.txz: Upgraded.
This upgrade fixes the following security issues:
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes".
o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made to execute code triggered by the server.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886
(* Security fix *)
n/sendmail-8.14.3-i486-2.txz: Rebuilt.
Fixed missing praliases. Thanks to Mark Post.
n/sendmail-cf-8.14.3-noarch-2.txz: Rebuilt.
xap/MPlayer-r29390-i486-1.txz: Upgraded.
testing/packages/mesa-7.4.4-i486-1.txz: Upgraded.
Posts
0 comments:
Post a Comment