On Wed, 18 Apr 2012, Dagobert Michelsen wrote:
Hi Francois,
Am 18.04.2012 um 21:27 schrieb Francois:
On Wed, 18 Apr 2012, Jeff Wieland wrote:
Paul B. Henson wrote:
On 4/18/2012 8:14 AM, McGraw, Robert P wrote:
I submitted a SR to Oracle about this and they told me they were working
on a patch and they would let me know when it was ready.
I have an open SR as well 8-/, currently with a follow-up date of 4/30. Not
that I expect an actual solution by then, based on past performance I
anticipate it taking 6-12 weeks or even longer to get a patch.
I asked how come all of the major Linux vendors had a patch available within hours of
the announcement, whereas with Oracle it took days to even get them to realize there
was an issue and say they would look into it. No response on that. Don :)? Most
likely the script kiddies only have linux shell code for this, so hopefully the wide
open unauthenticated remote code execution with root privileges bug doesn't get
exploited on my production servers while I'm sitting here twiddling my thumbs. I'd
run my own local samba rather than the Oracle bundled one but it's such a royal pain
in the ass to get samba compiled under Solaris <sigh>.
AFAIK there's still just one guy in Prague that works on samba.
I wish one of the Illumos distributions was production ready.
I've been building Samba on Solaris since the Solaris 2.3 days... It
isn't that hard... Not nearly as bad as Pidgin or Seamonkey :-).
A wiki or something relating your various experiences would be greatly
apreciated :)
You could also take a look at the build recipe for the OpenCSW Samba 3.6.4
package:
http://sourceforge.net/apps/trac/gar/browser/csw/mgar/pkg/samba/trunk/Makefile
Thanks Dagobert for pointing this out ! seems to be the only way to
upgrade the DIY way without waiting for Oracle to react !...
--
Francois
