Updated Samba packages that fix a potential unathorized access problem
are now avaliable.

Under some circumstances, Samba 3.0.0 and 3.0.1 could overwrite the
password field of a disabled account with uninitialized memory.  If an
attacker could know what will be in that memory, he could gain access
to the disabled acocunt.

If you use Samba, you should consider upgrading to these new packages.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-074
2004-02-16
---------------------------------------------------------------------

Name        : samba
Version     : 3.0.2                      
Release     : 7.FC1                  
Summary     : The Samba SMB server.
Description :
Samba is the protocol by which a lot of PC-related machines share
files, printers, and other information (such as lists of available
files and printers). The Windows NT, OS/2, and Linux operating systems
support this natively, and add-on packages can enable the same thing
for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package
provides an SMB server that can be used to provide network services to
SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over
TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw
NetBIOS frame) protocol.

---------------------------------------------------------------------
Update Information:

---------------------------------------------------------------------
* Thu Feb 12 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-7.FC1

- Fix the ownership on /usr/lib/samba and /usr/lib/samba/charset

* Mon Feb 09 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-5.FC1

- Merge from HEAD to build 3.0.2 for Fedora Core 1 erratum.
- New upstream version: 3.0.2 final includes security fix for #114995
  (CAN-2004-0082)
- Edit postun script for the -common package to restart winbind when
  appropriate.  Fixes bugzilla #114051.

* Mon Feb 02 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-3rc2

- add %dir entries for /usr/lib/samba and /usr/lib/samba/charset
- Upgrade to new upstream version
- build mount.cifs for the new cifs filesystem in the 2.6 kernel.

* Mon Jan 19 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-1rc1

- Upgrade to new upstream version

* Wed Dec 17 2003 Felipe Alfaro Solana <felipe_alfaro@linuxmail.org> 3.0.1-1

- Update to 3.0.1
- Removed testparm patch as it's already merged
- Removed Samba.7* man pages
- Fixed .buildroot patch
- Fixed .pie patch
- Added new /usr/bin/tdbdump file


---------------------------------------------------------------------
This update can be downloaded from:
    

2ee8ced2420caee182cc7e7bd24bc578  SRPMS/samba-3.0.2-7.FC1.src.rpm
f07e98858197c4c0f8d87823f07d2e18  i386/samba-3.0.2-7.FC1.i386.rpm
5db069ff37ce550bf10bd555d52df2da  i386/samba-client-3.0.2-7.FC1.i386.rpm
fa703cf8f43b965faebdb3ecdd7e438e  i386/samba-common-3.0.2-7.FC1.i386.rpm
5823c93c369ca7e6083b386bb48bf81a  i386/debug/samba-debuginfo-3.0.2-7.FC1.i386.rpm
e4ceab8f113b7fcbd460271ab72dea95  i386/samba-swat-3.0.2-7.FC1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: samba Improper account enabling vuln.

February 18, 2004
Under some circumstances, Samba 3.0.0 and 3.0.1 could overwrite the password field of a disabled account with uninitialized memory.

Summary

Samba is the protocol by which a lot of PC-related machines share

files, printers, and other information (such as lists of available

files and printers). The Windows NT, OS/2, and Linux operating systems

support this natively, and add-on packages can enable the same thing

for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package

provides an SMB server that can be used to provide network services to

SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over

TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw

NetBIOS frame) protocol.

Update Information:

* Thu Feb 12 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-7.FC1

- Fix the ownership on /usr/lib/samba and /usr/lib/samba/charset

* Mon Feb 09 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-5.FC1

- Merge from HEAD to build 3.0.2 for Fedora Core 1 erratum. - New upstream version: 3.0.2 final includes security fix for #114995 (CAN-2004-0082) - Edit postun script for the -common package to restart winbind when appropriate. Fixes bugzilla #114051.

* Mon Feb 02 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-3rc2

- add %dir entries for /usr/lib/samba and /usr/lib/samba/charset - Upgrade to new upstream version - build mount.cifs for the new cifs filesystem in the 2.6 kernel.

* Mon Jan 19 2004 Jay Fenlason <fenlason@redhat.com> 3.0.2-1rc1

- Upgrade to new upstream version

* Wed Dec 17 2003 Felipe Alfaro Solana <felipe_alfaro@linuxmail.org> 3.0.1-1

- Update to 3.0.1 - Removed testparm patch as it's already merged - Removed Samba.7* man pages - Fixed .buildro...

Read the Full Advisory

Change Log

References

Updated Samba packages that fix a potential unathorized access problem are now avaliable. Under some circumstances, Samba 3.0.0 and 3.0.1 could overwrite the password field of a disabled account with uninitialized memory. If an attacker could know what will be in that memory, he could gain access to the disabled acocunt. If you use Samba, you should consider upgrading to these new packages. Fedora Update Notification FEDORA-2004-074 2004-02-16 Name : samba Version : 3.0.2 Release : 7.FC1 Summary : The Samba SMB server. Description : Samba is the protocol by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

Update Instructions

Severity
Name : samba
Version : 3.0.2
Release : 7.FC1
Summary : The Samba SMB server.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved