Saturday, November 29, 2008

Security Update: Samba

One new Samba package has been released as a security update along with other packages (only in -Current). Even though there's no real proof-of-concept, it's still being included in the latest fix.

Here's the latest -Current changelog:
Fri Nov 28 17:43:24 CST 2008
ap/cdrtools-2.01.01a53-i486-1.tgz: Upgraded to cdrtools-2.01.01a53.

ap/dmidecode-2.10-i486-1.tgz: Upgraded to dmidecode-2.10.

ap/sqlite- Upgraded to sqlite-

l/libgsf-1.14.10-i486-1.tgz: Upgraded to libgsf-1.14.10.

n/dnsmasq-2.46-i486-1.tgz: Upgraded to dnsmasq-2.46.

n/ntp-4.2.4p5-i486-2.tgz: Edited rc.ntpd to add status support for pm-utils.
Thanks to Robby Workman.

n/samba-3.2.5-i486-1.tgz: Upgraded to samba-3.2.5.
This package fixes an important barrier against rogue clients reading from uninitialized memory (though no proof-of-concept is known to exist).
For more information, see:
(* Security fix *)