Tuesday, January 6, 2009

Security Update: Samba

One security update has been released this week for Samba package. It affected 12.2 and -Current only. Here's the -Current changelog:
Mon Jan 5 14:09:18 CST 2009
Upgraded to samba-3.2.7.
This fixes a security issue. From the WHATSNEW.txt file:
"This is a security release in order to address CVE-2009-0022.
o CVE-2009-0022
In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled, access to the root filesystem ("/") is granted when connecting to a share called "" (empty string) using old versions of smbclient (before 3.0.28).
The original security announcement for this and past advisories can be found http://www.samba.org/samba/security/"
For more information, see:
(* Security fix *)