The problem with Samba and the Big-O is lawyers poring through the license agreement and approving its distribution. They do NOT like GPLv3...

-----Original Message-----
From: pca-boun...@lists.univie.ac.at [mailto:pca-boun...@lists.univie.ac.at] On Behalf Of francis picabia
Sent: Friday, April 20, 2012 10:12 AM
To: PCA (Patch Check Advanced) Discussion
Subject: EXTERNAL: Re: [pca] samba patch from oracle.

On Thu, Apr 19, 2012 at 9:16 AM, Laurent Blume <laur...@elanor.org> wrote:
> On 19/04/12 00:42, Francois wrote:
>
>> Thanks Dagobert for pointing this out ! seems to be the only way to
>> upgrade the DIY way without waiting for Oracle to react !...
>
>
> Or use OpenCSW and prod them a little on #opencsw when needed.
> I just did that for Samba, found a packaging bug for them, but in the end it
> works better than Solaris' ;-)

I've put in a SR with Oracle too. They said they are going to release 3.6.4, which is bullshit because Samba stated they were backporting patches for many versions due to the serious nature of the exploit and ease of attack. My Red Hat and Debian machines were updated for the samba exploit about a week ago, but we may have to wait until May to get this fixed. PATHETIC. I'm not expecting much from them anymore. Even the zero day telnet exploit took them weeks to fix.

Your Solaris can be secured by two methods: build your own binaries (or rely on OpenCSW, which I hope stays up to date better than Blastwave did), or don't run any services on it. But I think few of us want Solaris as a desktop machine...