Saturday, June 27, 2009

Security Fix: Samba

One security update, three updated packages, and one package in testing have been released today. The security update is Samba, the three updated packages are sendmail (and sendmail-cf) and MPlayer, and the last package, under the /testing directory, is Mesa, which is now upgraded to 7.4.4. Hopefully this updated package will fix many of the problems users encountered while using the older version.

Here's the latest -Current changelog:
Fri Jun 26 22:06:58 CDT 2009
n/samba-3.2.13-i486-1.txz: Upgraded.
This upgrade fixes the following security issues:
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes".
o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made to execute code triggered by the server.
For more information, see:
(* Security fix *)

n/sendmail-8.14.3-i486-2.txz: Rebuilt.
Fixed missing praliases. Thanks to Mark Post.

n/sendmail-cf-8.14.3-noarch-2.txz: Rebuilt.

xap/MPlayer-r29390-i486-1.txz: Upgraded.

testing/packages/mesa-7.4.4-i486-1.txz: Upgraded.
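
The CVE-2009-1886 entry in the changelog above describes a file name being used as the format string of asprintf. The following C program is an added example, not Samba's code or its patch: it shows the corrected calling pattern and a check for directives in an untrusted name. The helpers `count_directives` and `build_remote_path` and the sample name are constructed for illustration, and `snprintf` stands in for `asprintf` so the block compiles without GNU extensions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Defect class from the CVE-2009-1886 entry (comment only, never compiled):
 *     asprintf(&out, name);         name is parsed as the format
 *     asprintf(&out, "%s", name);   corrected: name is only data */

/* Count printf directives in an untrusted name. "%%" is a literal percent.
 * Nonzero means the name would alter a call that used it as the format. */
static int count_directives(const char *name)
{
    int n = 0;
    for (const char *p = name; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {
            p++;            /* skip the escaped percent */
            continue;
        }
        n++;                /* a lone trailing '%' is counted too */
    }
    return n;
}

/* Hardened builder (hypothetical helper): constant format, name passed as
 * an argument. Returns a malloc'd string or NULL; the caller frees it. */
static char *build_remote_path(const char *dir, const char *name)
{
    int len = snprintf(NULL, 0, "%s\\%s", dir, name);
    if (len < 0)
        return NULL;
    char *out = malloc((size_t)len + 1);
    if (out == NULL)
        return NULL;
    snprintf(out, (size_t)len + 1, "%s\\%s", dir, name);
    return out;
}

int main(void)
{
    const char *name = "report_%s%n.txt";   /* constructed sample name */
    char *path = build_remote_path("\\share", name);
    if (path == NULL)
        return 1;
    printf("%d directive(s), path kept literal: %s\n", count_directives(name), path);
    free(path);
    return 0;
}
```

Compiling client code with `-Wformat -Wformat-security` makes GCC warn on calls where a non-literal string is passed as the format with no arguments, which is the pattern in the comment at the top of the block.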