Well known, at least by me.

RedHat, Slack and SuSE already patched their files.

On 2/9/07, JJDaNiMoTh <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm not a security team member (I'm not sure that this
> 'security team' exists :D) but I try :D
>
> - ------------------------------------------------------------
> Arch Linux Security Warning        ALSW 2007-#1
> - ------------------------------------------------------------
>
> Name:      Samba
> Date:      05/02/2007
> Severity:  2
> Warning #: 2007-#1
>
> - ------------------------------------------------------------
>
> Product Background
> ===================
> Samba is an Open Source/Free Software suite that has, since 1992,
> provided file and print services to all manner of SMB/CIFS clients,
> including the numerous versions of Microsoft Windows operating systems.
>
>
> Problem Background
> ===================
>
> CVE-2007-0452: smbd in Samba 3.0.6 through 3.0.23d allows remote
> authenticated users to cause a denial of service (memory and CPU
> exhaustion) by renaming a file in a way that prevents a request from
> being removed from the deferred open queue, which triggers an infinite
> loop.
>
>
> CVE-2007-0453: Buffer overflow in the nss_winbind.so.1 library in
> Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on
> Solaris, allows attackers to execute arbitrary code via the
> (1) gethostbyname and (2) getipnodebyname functions.
>
>
> CVE-2007-0454: Format string vulnerability in the afsacl.so VFS module
> in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to
> execute arbitrary code via format string specifiers in a filename on
> an AFS file system, which is not properly handled during Windows ACL
> mapping.
>
>
> Problem Packages
> ===================
> - ------------------------------------------------------------------
> Package       |   Repo    |   Group    |   Unsafe   |    Safe    |
> - ------------------------------------------------------------------
>   samba           Current    Network    < 3.0.23-D-3   >= 3.0.24
>
> Package Fix
> ===================
> Rebuild package with this PKGBUILD in -current, but change version to
> 3.0.24. You can find source at
> http://samba.org/samba/ftp/samba-3.0.24.tar.gz
>
>
> Reference(s)
> ===================
>
>     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
>     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
>     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
>
>
>
> Contact
> ===================
> JJDaNiMoTh (jjdanimoth AT gmail DOT com)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFzKlqcJj0HNhER0MRAoeAAKCSwI6X+5rCHDdv/q+Rbsf+E5FGnwCglXpx
> VGSVx9auggyCb0Gi+OOdG0I=
> =Uolb
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> arch mailing list
> arch@archlinux.org
> http://www.archlinux.org/mailman/listinfo/arch
>

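Added example, not part of the original advisory or thread: a check that maps an installed Samba version string (for example the output of `smbd -V`) onto the affected ranges quoted above, taking into account that CVE-2007-0453 is stated for Solaris and CVE-2007-0454 for the afsacl VFS module. The function names, the `platform` argument and the sample smb.conf are assumptions made for this illustration.

```python
import re

# Affected ranges as stated in the advisory above (inclusive bounds).
AFFECTED = {
    "CVE-2007-0452": ("3.0.6", "3.0.23d"),
    "CVE-2007-0453": ("3.0.21", "3.0.23d"),  # nss_winbind.so.1, Solaris only
    "CVE-2007-0454": ("3.0.6", "3.0.23d"),   # afsacl.so VFS module only
}

# Constructed sample smb.conf: one commented-out and one active afsacl line.
SAMPLE_CONF = """[global]
   workgroup = EXAMPLE
;  vfs objects = afsacl
[afs]
   path = /afs/example
   vfs objects = afsacl
"""

def parse_version(text):
    """'Version 3.0.23d' -> (3, 0, 23, 'd'); no letter sorts before 'a'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def uses_afsacl(smb_conf):
    """True if an active 'vfs objects' line lists the afsacl module."""
    for line in smb_conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if " ".join(key.lower().split()).startswith("vfs object"):
            if "afsacl" in re.split(r"[\s,]+", value.strip().lower()):
                return True
    return False

def applicable_cves(version_text, platform, smb_conf):
    """CVEs from the advisory that apply to this version, OS and config."""
    v = parse_version(version_text)
    hits = []
    for cve, (lo, hi) in sorted(AFFECTED.items()):
        if not parse_version(lo) <= v <= parse_version(hi):
            continue
        if cve == "CVE-2007-0453" and platform != "solaris":
            continue
        if cve == "CVE-2007-0454" and not uses_afsacl(smb_conf):
            continue
        hits.append(cve)
    return hits
```

An empty result for 3.0.24 or later matches the "Safe" column of the advisory's package table.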