[samba-jp:20739] [FYI] Samba 3.2.13 has been released
OPC oota
t-oota @ dh.jp.nec.com
Wed Jun 24 08:59:54 JST 2009
This is Oota @ NEC.
Samba 3.2.13 has been released. It is a security release.
Subject: [Samba] [Announce] Samba 3.2.13 Security Release Available for Download
Release Announcements
=====================
This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.
o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made
to execute code triggered by the server.
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
value can potentially affect access control when "dos filemode"
is set to "yes".
######################################################################
Changes
#######
Changes since 3.2.12
--------------------
o Jeremy Allison <jra @ samba.org>
* Fix for CVE-2009-1886.
* Fix for CVE-2009-1888.
================
Download Details
================
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.2.13.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
--
太田 俊哉 @ NEC OSS Development Division, OSS Promotion Center (Shiba, Minato, Tokyo)
(samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster)
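
Added example, not part of the original post or of Samba's own code: a triage check built from the version ranges and the "dos filemode" condition stated in the announcement above. The function names, the sample smb.conf and the assumption that 3.2.x releases after 3.2.13 keep the fix are this example's own.

```python
import re

# Affected ranges exactly as stated in the announcement (inclusive).
ADVISORIES = {
    "CVE-2009-1886": ((3, 2, 0), (3, 2, 12)),  # smbclient format string
    "CVE-2009-1888": ((3, 0, 31), (3, 3, 5)),  # only with "dos filemode = yes"
}
# 3.2.13 is the fix named on the page, yet numerically it lies inside 3.0.31-3.3.5.
# Assumption: later 3.2.x keep the fix. Other branches' fixed releases are not listed.
FIXED_FROM = {(3, 2): (3, 2, 13)}
TRUE_VALUES = {"yes", "true", "on", "1"}
# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
[global]
;  dos filemode = yes
[projects]
   DOS FileMode = Yes
"""

def parse_version(text):
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version in %r" % (text,))
    return tuple(int(part) for part in m.groups())

def dos_filemode_sections(smb_conf):
    state, section = {}, "global"
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        # smb.conf parameter names ignore case and embedded whitespace.
        if sep and re.sub(r"\s+", "", key).lower() == "dosfilemode":
            state[section] = value.strip().lower() in TRUE_VALUES
    return [name for name, on in state.items() if on]

def triage(version_text, smb_conf):
    version = parse_version(version_text)
    fixed = FIXED_FROM.get(version[:2])
    if fixed and version >= fixed:
        return []
    hits = [cve for cve, (low, high) in ADVISORIES.items() if low <= version <= high]
    if not dos_filemode_sections(smb_conf):
        hits = [cve for cve in hits if cve != "CVE-2009-1888"]
    return hits
```

CVE-2009-1886 concerns the smbclient program, so the version passed in for that check should be the client's, not only the server's.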