Scientific Linux SL5.x Important: samba3x Critical Remote Crash

Date: Wed, 2 Mar 2011 14:44:03 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Important: samba3x on SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Important: samba3x security update
Issue date:	2011-03-01
CVE Names:	CVE-2011-0719

A flaw was found in the way Samba handled file descriptors. If an
attacker were able to open a large number of file descriptors on the
Samba server, they could flip certain stack bits to "1" values,
resulting in the Samba server (smbd) crashing. (CVE-2011-0719)

After installing this update, the smb service will be restarted
automatically.

SL 5.x

 SRPMS:
samba3x-3.5.4-0.70.el5_6.1.src.rpm
 i386:
samba3x-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-client-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-common-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-doc-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-swat-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.i386.rpm
 x86_64:
samba3x-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-client-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-common-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-doc-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-swat-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.x86_64.rpm

-Connie Sieh
-Troy Dawson