Debian has released updated samba packages as well. Note that many of the below URLs appear to have been wrapped. Enjoy. -Chris >Resent-date: Sat, 31 Jul 1999 00:46:26 +0000 >Date: Sat, 31 Jul 1999 00:45:48 +0200 >Resent-from: [EMAIL PROTECTED] >From: Wichert Akkerman <[EMAIL PROTECTED]> >Subject: [SECURITY] New version of samba released >Resent-sender: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Resent-cc: recipient list not shown: ; >Reply-to: [EMAIL PROTECTED] >Priority: urgent >X-Loop: [EMAIL PROTECTED] >X-Envelope-Sender: [EMAIL PROTECTED] >X-Debian: PGP check passed for security officers >X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/56 > >-----BEGIN PGP SIGNED MESSAGE----- > > >The version of samba as distributed in Debian GNU/Linux 2.1 has a couple of >security problems: >* a Denial-of-Service attack against nmbd was possible >* it was possible to exploit smbd if you had a message command defined > which used the %f or %M formatter. >* smbmnt's check to see if a user is allowed to create a mount was flawed > which allowed users to mount at arbitraty mountpoints in the filesystem > >These problems have been fixed in version 2.0.5a-1. We recommend you upgrade >your samba packages immediately. > >Please note that this is a major upgrade so please be careful when you upgrade >since some changes to the configuration file might be necessary. The >configuration >file also moved to a new location (/etc/samba). > >The smbfsx package is also obsolete with this update and has been replaced by >smbfs, which can handle both 2.0 and 2.2 kernels now. > >wget url > will fetch the file for you >dpkg -i file.deb > will install the referenced file. > >Debian GNU/Linux 2.1 alias slink >- -------------------------------- > > This version of Debian was released only for Intel, the Motorola > 680x0, the alpha and the Sun sparc architecture. > > Source archives: > >http://security.debian.org/dists/stable/updates/source/samba_2.0.5a-1.diff.gz > MD5 checksum: 1354ea63f79e7fa0b4b71685dbac118b > http://security.debian.org/dists/stable/updates/source/samba_2.0.5a-1.dsc > MD5 checksum: e51aeb259913179b60dbddd0b9e70bf5 > >http://security.debian.org/dists/stable/updates/source/samba_2.0.5a.orig.tar.gz > MD5 checksum: 497e5f98ed9b520b18e926ff2f7307ba > > Architecture indendent archives: > >http://security.debian.org/dists/stable/updates/binary-all/samba-doc_2.0.5a >-1_all.deb > MD5 checksum: a9c1addcff72605f66a2334eef5e25ef > > Alpha architecture: > >http://security.debian.org/dists/stable/updates/binary-alpha/samba-common_2 >.0.5a-1_alpha.deb > MD5 checksum: 48b9651e2cefd6f6ad820ded9ebc9191 > >http://security.debian.org/dists/stable/updates/binary-alpha/samba_2.0.5a-1 >_alpha.deb > MD5 checksum: 9bb86e810254fe59feb02e817815b64f > >http://security.debian.org/dists/stable/updates/binary-alpha/smbclient_2.0. >5a-1_alpha.deb > MD5 checksum: 54a89ad98e1167a3265ff30881618b3f > >http://security.debian.org/dists/stable/updates/binary-alpha/smbfs_2.0.5a-1 >_alpha.deb > MD5 checksum: 596e22cdf0848fcffd1885f16b38cf83 > >http://security.debian.org/dists/stable/updates/binary-alpha/smbwrapper_2.0 >.5a-1_alpha.deb > MD5 checksum: 5003fb2a3555daddd3d877529ac65e1e > >http://security.debian.org/dists/stable/updates/binary-alpha/swat_2.0.5a-1_ >alpha.deb > MD5 checksum: e99ec78abdac4a8ab1348773e3fa32cd > > Intel ia32 architecture: > >http://security.debian.org/dists/stable/updates/binary-i386/samba-common_2. >0.5a-1_i386.deb > MD5 checksum: eb8b9aa964912975db301f1e83919d36 > >http://security.debian.org/dists/stable/updates/binary-i386/samba_2.0.5a-1_ >i386.deb > MD5 checksum: 799ab1a56dd726548c33a130edfb9231 > >http://security.debian.org/dists/stable/updates/binary-i386/smbclient_2.0.5 >a-1_i386.deb > MD5 checksum: f5db7b12b67b24048d7ff915c9ec77ee > >http://security.debian.org/dists/stable/updates/binary-i386/smbfs_2.0.5a-1_ >i386.deb > MD5 checksum: b6e90edf5db22cf3952a01f726cb7dd7 > >http://security.debian.org/dists/stable/updates/binary-i386/smbwrapper_2.0. >5a-1_i386.deb > MD5 checksum: afabbae0e5ffdd03475a302586d75be5 > >http://security.debian.org/dists/stable/updates/binary-i386/swat_2.0.5a-1_i >386.deb > MD5 checksum: bd235e608944c7cd3cc7a17fceab0199 > > Motorola 680x0 architecture: > >http://security.debian.org/dists/stable/updates/binary-m68k/samba-common_2. >0.5a-1_m68k.deb > MD5 checksum: 91d8b04d9ef76ca08fff5938007eb235 > >http://security.debian.org/dists/stable/updates/binary-m68k/samba_2.0.5a-1_ >m68k.deb > MD5 checksum: 6404ca678a20ad17e44b6c74cc3182a1 > >http://security.debian.org/dists/stable/updates/binary-m68k/smbclient_2.0.5 >a-1_m68k.deb > MD5 checksum: 37f0a04da50f9880b22cb3eaf27b2794 > >http://security.debian.org/dists/stable/updates/binary-m68k/smbfs_2.0.5a-1_ >m68k.deb > MD5 checksum: 3685040bee6e01039f6588f97dab2c26 > >http://security.debian.org/dists/stable/updates/binary-m68k/smbwrapper_2.0. >5a-1_m68k.deb > MD5 checksum: 1a43221c50137cbf5d94f7ad90ab548e > >http://security.debian.org/dists/stable/updates/binary-m68k/swat_2.0.5a-1_m >68k.deb > MD5 checksum: 7b5e610c9b044fe81ac66881ea59af64 > > Sun Sparc architecture: > >http://security.debian.org/dists/stable/updates/binary-sparc/samba-common_2 >.0.5a-1_sparc.deb > MD5 checksum: f4713291f719de2f32543e0fc37506ea > >http://security.debian.org/dists/stable/updates/binary-sparc/samba_2.0.5a-1 >_sparc.deb > MD5 checksum: afb22260c07c60e4afd390bb3e108674 > >http://security.debian.org/dists/stable/updates/binary-sparc/smbclient_2.0. >5a-1_sparc.deb > MD5 checksum: 28b22378ddb79b05d29b4b4fac2038c4 > >http://security.debian.org/dists/stable/updates/binary-sparc/smbfs_2.0.5a-1 >_sparc.deb > MD5 checksum: 8747b52257b451a1e19c93ea10048369 > >http://security.debian.org/dists/stable/updates/binary-sparc/smbwrapper_2.0 >.5a-1_sparc.deb > MD5 checksum: 420bfe236fcc1591175acd7eb3ad83e0 > >http://security.debian.org/dists/stable/updates/binary-sparc/swat_2.0.5a-1_ >sparc.deb > MD5 checksum: 38380d76284421c18e557e2d3a413a62 > > These files will be moved into > ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. > >For not yet released architectures please refer to the appropriate >directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . > >- -- >Debian GNU/Linux . Security Managers . [EMAIL PROTECTED] > [EMAIL PROTECTED] > Christian Hudon . Wichert Akkerman . Martin Schulze ><[EMAIL PROTECTED]> . <[EMAIL PROTECTED]> . <[EMAIL PROTECTED]> > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.3ia >Charset: noconv > >iQB1AwUBN6IrDKjZR/ntlUftAQEmjAL/RGbp66V6Mf99rfM6i+flJiR0/3r+FfNO >hQFTAkQ0avO+ta/rgeiVDFuBV0Paw60bPyObBB9ey7+P3ZCtNMKN9jQQHUMwBTCM >6nPq4bbgAxInR3AvDiIOcn//JWR7ShOM >=s865 >-----END PGP SIGNATURE----- > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]