A new samba package is available for Slack/390 -current. These fix two denial of service vulnerabilities reported by iDEFENSE. Slack/390 -current has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808 Here are the details from the Slack/390 -current ChangeLog: +--------------------------+ Tue Sep 14 13:04:28 EDT 2004 patches/packages/samba-3.0.5-s390-2.tgz: Patched two Denial of Service vulnerabilities in samba-3.0.5. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808 (* Security fix *) +--------------------------+ Where to find the new package: +-----------------------------+ Updated package for Slack/390 -current: ftp://ftp.ibiblio.org/pub/linux/distributions/slack390/slack390-current/patc hes/packages/samba-3.0.5-s390-2.tgz MD5 signature: +-------------+ Slack/390 -current package: ec59f72505b531855edeae6c380ca047 samba-3.0.5-s390-2.tgz Installation instructions: +------------------------+ As root, stop the samba server: . /etc/rc.d/rc.samba stop Next, upgrade the samba package(s) with upgradepkg: upgradepkg samba-3.0.5-s390-2.tgz Finally, start samba again: . /etc/rc.d/rc.samba start +-----+ Mark Post ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390