-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  samba DoS (SSA:2004-257-01)

New samba packages are available for Slackware 10.0 and -current.
These fix two denial of service vulnerabilities reported by
iDEFENSE.  Slackware -current has been upgraded to samba-3.0.7,
while the samba-3.0.5 included with Slackware 10.0 has been
patched to fix these issues.  Sites running Samba 3.x should
upgrade to the new package.  Versions of Samba before 3.0.x are
not affected by these flaws.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808


Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Sep 13 17:07:20 PDT 2004
patches/packages/samba-3.0.5-i486-3.tgz:  Patched two Denial of Service
  vulnerabilities in samba-3.0.5.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 10.0:

Updated package for Slackware -current:


MD5 signatures:
+-------------+

Slackware 10.0 package:
a8bf821c6b6febd69dd0d1958c3b7796  samba-3.0.5-i486-3.tgz

Slackware -current package:
acdaf5bc8b3777245d0ed51bcc4acec4  samba-3.0.7-i486-1.tgz


Installation instructions:
+------------------------+

As root, stop the samba server:

. /etc/rc.d/rc.samba stop

Next, upgrade the samba package(s) with upgradepkg:

upgradepkg samba-3.0.5-i486-3.tgz

Finally, start samba again:

. /etc/rc.d/rc.samba start


+-----+

Slackware: 2004-257-01: samba DoS Security Update

September 14, 2004
New samba packages are available for Slackware 10.0 and -current

Summary

Here are the details from the Slackware 10.0 ChangeLog: Mon Sep 13 17:07:20 PDT 2004 patches/packages/samba-3.0.5-i486-3.tgz: Patched two Denial of Service vulnerabilities in samba-3.0.5. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808 (* Security fix *)

Where Find New Packages

Updated package for Slackware 10.0:
Updated package for Slackware -current:

MD5 Signatures

Slackware 10.0 package: a8bf821c6b6febd69dd0d1958c3b7796 samba-3.0.5-i486-3.tgz
Slackware -current package: acdaf5bc8b3777245d0ed51bcc4acec4 samba-3.0.7-i486-1.tgz

Severity
[slackware-security] samba DoS (SSA:2004-257-01)
New samba packages are available for Slackware 10.0 and -current. These fix two denial of service vulnerabilities reported by iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808

Installation Instructions

Installation instructions: As root, stop the samba server: . /etc/rc.d/rc.samba stop Next, upgrade the samba package(s) with upgradepkg: upgradepkg samba-3.0.5-i486-3.tgz Finally, start samba again: . /etc/rc.d/rc.samba start

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved