Tuesday, September 2, 2008

Security Fix: Samba

Samba package has been upgraded to fix permission on -Current (-Stable and older version of Slackware were not affected as this package only being released on -Current). Here's the changelog:
Tue Sep 2 02:11:27 CDT 2008
n/samba-3.2.3-i486-1.tgz: Upgraded to samba-3.2.3. This fixes a security issue where group_mapping.ldb was accidentally chmod 666 (only in -current, as all previous Slackware versions use the Samba 3.0.x branch which is not affected). This build also adds the mount.smbfs wrapper script for mount.cifs, and a link to the wrapper from /usr/bin/smbmount. This may fix some of the issues that people were having mounting SMB filesystems.
Note that SMBFS is considered obsolete now, and using mount.smbfs really isn't any different in function using the wrapper than using mount.cifs directly. For more information on the security issue, see:
(* Security fix *)
Since this security issue only affects the unreleased development branch, (aka -current) this ChangeLog comment is the official notification.
For those using older versions of Slackware, many of them got bugfix updates to the 3.0.x branch. Check the new packages out -- they should correct some stability issues.