
Slackware 13.0 SSA-2009-276-01 Critical Samba Denial Of Service

October 4, 2009
Recent samba updates for Slackware tackle vulnerabilities related to data leaks and possible denial-of-service threats.
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.

Summary

Here are the details from the Slackware 13.0 ChangeLog:

patches/packages/samba-3.2.15-i486-1_slack13.0.txz:
  This update fixes the following security issues.
  A misconfigured /etc/passwd with no defined home directory could allow security restrictions to be bypassed.
  mount.cifs could allow a local user to read the first line of an arbitrary file if installed setuid. (On Slackware, it was not installed setuid.)
  Specially crafted SMB requests could cause a denial of service.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2009-2813
    https://www.cve.org/CVERecord?id=CVE-2009-2948
    https://www.cve.org/CVERecord?id=CVE-2009-2906
  (* Security fix *)
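
The first two issues in the ChangeLog entry depend on local configuration, so they can be checked on a host before or after upgrading. The script below is an added example, not part of the Slackware advisory; the function names and the /sbin/mount.cifs default path are assumptions and can be overridden through the environment.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the two local preconditions
# the ChangeLog names. Paths below are assumptions; override via environment.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
MOUNT_CIFS=${MOUNT_CIFS:-/sbin/mount.cifs}   # assumed install path

# List accounts whose home-directory field (6th, colon-separated) is empty
# or missing: the misconfiguration behind CVE-2009-2813.
empty_home_accounts() {
    [ -r "$1" ] || return 0
    awk -F: '/^#/ || /^[ \t]*$/ { next } $6 == "" { print $1 }' "$1"
}

# Succeed only if the file exists and carries the setuid bit, the
# precondition for the mount.cifs file-read issue (CVE-2009-2948).
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Print one OK/WARN line per check; always returns 0 so it can be run
# from cron or a configuration-management hook without aborting it.
audit_samba_preconditions() {
    accounts=$(empty_home_accounts "$PASSWD_FILE")
    if [ -n "$accounts" ]; then
        echo "WARN: accounts with no home directory in $PASSWD_FILE:"
        echo "$accounts" | sed 's/^/  /'
    else
        echo "OK: every account in $PASSWD_FILE has a home directory"
    fi
    if is_setuid "$MOUNT_CIFS"; then
        echo "WARN: $MOUNT_CIFS is setuid; remove with: chmod u-s $MOUNT_CIFS"
    else
        echo "OK: $MOUNT_CIFS is not setuid (or not installed)"
    fi
    return 0
}

audit_samba_preconditions
```

The denial-of-service issue has no local setting to audit; it is addressed by the package upgrade itself.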

Where to Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 10.0 package: e02ad43f20e3c31e50cf28363541db9c samba-3.0.37-i486-1_slack10.0.tgz
Slackware 10.1 package: bac29aae3e5f23bd815f4452c2954dc6 samba-3.0.37-i486-1_slack10.1.tgz
Slackware 10.2 package: 60ac24589c806850e7a74a09302a4ed9 samba-3.0.37-i486-1_slack10.2.tgz
Slackware 11.0 package: 58eaa3f9cb2c677f8b0a6249863685e6 samba-3.0.37-i486-1_slack11.0.tgz
Slackware 12.0 package: 8f68ccdee93cb131b395d9b3eeae1674 samba-3.0.37-i486-1_slack12.0.tgz
Slackware 12.1 package: ea18bf39fa98cd52cf90fc593ee3ddf8 samba-3.0.37-i486-1_slack12.1.tgz
Slackware 12.2 package: edb0b282ea777c2edabd8147d83f6978 samba-3.2.15-i486-1_slack12.2.tgz
Slackware 13.0 package: 9a848ba2af68ee2d01dd7440b4b49405 samba-3.2.15-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: e84b39e9ee6353e0a682e71a88e97b00 samba-3.2.15-x86_64-1_slack13.0.txz
Slackware -current package: 968d2bfd83f13d40e630c14fab19a676 samba-3.4.2-i486-1.txz
Slackware x86_64 -current package: 8b80e5bcd2b603a42e92185501823d26 samba-3.4.2-x86_64-1.txz

Severity
critical

Installation Instructions

Upgrade the package as root:
# upgradepkg samba-3.2.15-i486-1_slack13.0.txz

Then, if Samba is running, restart it:
# /etc/rc.d/rc.samba restart
