Tuesday, December 11, 2007

Security Update: Samba

Another Samba package has been released as a security fix. This time it addresses a boundary failure in GETDC mailslot processing that can result in a buffer overrun leading to possible code execution. Along with this security release, Slackware-Current also released several package updates, such as Pidgin, KTorrent, ProFTPD, XChat, GKrellM, and vte. Here's the latest -Current changelog:
Mon Dec 10 14:07:48 CST 2007
l/vte-0.16.10-i486-1.tgz: Upgraded to vte-0.16.10.

n/proftpd-1.3.1-i486-1.tgz: Upgraded to proftpd-1.3.1.

n/samba-3.0.28-i486-1.tgz:
Upgraded to samba-3.0.28.
Samba 3.0.28 is a security release in order to address a boundary failure in GETDC mailslot processing that can result in a buffer overrun leading to possible code execution.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
http://www.samba.org/samba/history/samba-3.0.28.html
http://secunia.com/secunia_research/2007-99/advisory/
(* Security fix *)

xap/gkrellm-2.3.1-i486-1.tgz: Upgraded to gkrellm-2.3.1.

xap/pidgin-2.3.1-i486-1.tgz: Upgraded to pidgin-2.3.1.

xap/xchat-2.8.4-i486-1.tgz: Upgraded to xchat-2.8.4.

extra/ktorrent/ktorrent-2.2.4-i486-1.tgz: Upgraded to ktorrent-2.2.4.