Thursday, February 8, 2007

Updated Samba

Patrick Volkerding has upgraded the Samba packages to the latest version, which fixes some security vulnerabilities. Here's the entry from the Stable Changelog:
Wed Feb 7 12:29:05 CST 2007
Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
"Important issues addressed in 3.0.24 include:
o Fixes for the following security advisories:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris)
- CVE-2007-0454 (Format string bug in VFS plugin)"
Samba in Slackware is vulnerable to the first issue, which can cause smbd to enter into an infinite loop, disrupting Samba services. Linux is not vulnerable to the second issue, and Slackware does not ship the VFS plugin (but it's something to be aware of if you build Samba with custom options).
For more information, see:
(* Security fix *)