What Are You Looking For?

Sign Up

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  samba (SSA:2009-276-01)

New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0,
12.1, 12.2, 13.0, and -current to fix security issues.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906


Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.2.15-i486-1_slack13.0.txz:
  This update fixes the following security issues.
  A misconfigured /etc/passwd with no defined home directory could allow
  security restrictions to be bypassed.
  mount.cifs could allow a local user to read the first line of an arbitrary
  file if installed setuid.  (On Slackware, it was not installed setuid)
  Specially crafted SMB requests could cause a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 10.0:

Updated package for Slackware 10.1:

Updated package for Slackware 10.2:

Updated package for Slackware 11.0:

Updated package for Slackware 12.0:

Updated package for Slackware 12.1:

Updated package for Slackware 12.2:

Updated package for Slackware 13.0:

Updated package for Slackware x86_64 13.0:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 10.0 package:
e02ad43f20e3c31e50cf28363541db9c  samba-3.0.37-i486-1_slack10.0.tgz

Slackware 10.1 package:
bac29aae3e5f23bd815f4452c2954dc6  samba-3.0.37-i486-1_slack10.1.tgz

Slackware 10.2 package:
60ac24589c806850e7a74a09302a4ed9  samba-3.0.37-i486-1_slack10.2.tgz

Slackware 11.0 package:
58eaa3f9cb2c677f8b0a6249863685e6  samba-3.0.37-i486-1_slack11.0.tgz

Slackware 12.0 package:
8f68ccdee93cb131b395d9b3eeae1674  samba-3.0.37-i486-1_slack12.0.tgz

Slackware 12.1 package:
ea18bf39fa98cd52cf90fc593ee3ddf8  samba-3.0.37-i486-1_slack12.1.tgz

Slackware 12.2 package:
edb0b282ea777c2edabd8147d83f6978  samba-3.2.15-i486-1_slack12.2.tgz

Slackware 13.0 package:
9a848ba2af68ee2d01dd7440b4b49405  samba-3.2.15-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
e84b39e9ee6353e0a682e71a88e97b00  samba-3.2.15-x86_64-1_slack13.0.txz

Slackware -current package:
968d2bfd83f13d40e630c14fab19a676  samba-3.4.2-i486-1.txz

Slackware x86_64 -current package:
8b80e5bcd2b603a42e92185501823d26  samba-3.4.2-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg samba-3.2.15-i486-1_slack13.0.txz

Then, if Samba is running restart it:

# /etc/rc.d/rc.samba restart


+-----+

Slackware: 2009-276-01: samba Security Update

October 4, 2009
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues

Summary

Here are the details from the Slackware 13.0 ChangeLog: patches/packages/samba-3.2.15-i486-1_slack13.0.txz: This update fixes the following security issues. A misconfigured /etc/passwd with no defined home directory could allow security restrictions to be bypassed. mount.cifs could allow a local user to read the first line of an arbitrary file if installed setuid. (On Slackware, it was not installed setuid) Specially crafted SMB requests could cause a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906 (* Security fix *)

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 10.0 package: e02ad43f20e3c31e50cf28363541db9c samba-3.0.37-i486-1_slack10.0.tgz
Slackware 10.1 package: bac29aae3e5f23bd815f4452c2954dc6 samba-3.0.37-i486-1_slack10.1.tgz
Slackware 10.2 package: 60ac24589c806850e7a74a09302a4ed9 samba-3.0.37-i486-1_slack10.2.tgz
Slackware 11.0 package: 58eaa3f9cb2c677f8b0a6249863685e6 samba-3.0.37-i486-1_slack11.0.tgz
Slackware 12.0 package: 8f68ccdee93cb131b395d9b3eeae1674 samba-3.0.37-i486-1_slack12.0.tgz
Slackware 12.1 package: ea18bf39fa98cd52cf90fc593ee3ddf8 samba-3.0.37-i486-1_slack12.1.tgz
Slackware 12.2 package: edb0b282ea777c2edabd8147d83f6978 samba-3.2.15-i486-1_slack12.2.tgz
Slackware 13.0 package: 9a848ba2af68ee2d01dd7440b4b49405 samba-3.2.15-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: e84b39e9ee6353e0a682e71a88e97b00 samba-3.2.15-x86_64-1_slack13.0.txz
Slackware -current package: 968d2bfd83f13d40e630c14fab19a676 samba-3.4.2-i486-1.txz
Slackware x86_64 -current package: 8b80e5bcd2b603a42e92185501823d26 samba-3.4.2-x86_64-1.txz

Severity
[slackware-security] samba (SSA:2009-276-01)
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.
More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg samba-3.2.15-i486-1_slack13.0.txz Then, if Samba is running restart it: # /etc/rc.d/rc.samba restart

Related News

691 Malicious npm Packages and 49 PyPI Components Containing Crypto-Miners, Remote Access Trojans Discovered

Feb 22, 2023

Researchers Uncover 700+ Malicious Open Source Packages

Feb 22, 2023

Why You Should Update File Sharing Platform, Samba, Right Now

Dec 26, 2022

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo