[samba-jp:20739] [FYI] Samba 3.2.13 has been released

OPC oota t-oota @ dh.jp.nec.com
Wed Jun 24 08:59:54 JST 2009


This is Oota at NEC.

Samba 3.2.13 has been released. It is a security release.

Subject: [Samba] [Announce] Samba 3.2.13 Security Release Available for Download

Release Announcements
=====================

This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.

   o CVE-2009-1886:
     In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
     with file names treat user input as a format string to asprintf.
     With a maliciously crafted file name smbclient can be made
     to execute code triggered by the server.

   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
     value can potentially affect access control when "dos filemode"
     is set to "yes".


######################################################################
Changes
#######

Changes since 3.2.12
--------------------


o   Jeremy Allison <jra @ samba.org>
    * Fix for CVE-2009-1886.
    * Fix for CVE-2009-1888.


================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.2.13.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team

--
Oota (太田 俊哉) @ NEC, OSS Development Division, OSS Promotion Center (Shiba, Minato, Tokyo)
(samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster)
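
An added illustration of the bug class named in CVE-2009-1886, not Samba's code and not part of the original post: a file name passed as the format string is interpreted, while the same name passed as data to a constant "%s" format is preserved. `xasprintf` is a portable stand-in for asprintf, and all function names and the sample file name are constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Portable stand-in for asprintf(3): format into a freshly malloc'd buffer. */
static int xasprintf(char **out, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);      /* first pass: measure the output */
    va_end(ap);
    if (n < 0 || (*out = malloc((size_t)n + 1)) == NULL)
        return -1;
    va_start(ap, fmt);
    vsnprintf(*out, (size_t)n + 1, fmt, ap);
    va_end(ap);
    return n;
}

/* Bug class: the file name itself is handed over as the format string. */
static char *name_as_format(const char *name)
{
    char *s = NULL;
    return xasprintf(&s, name) < 0 ? NULL : s;
}

/* Corrected form: constant format, file name passed purely as data. */
static char *name_as_data(const char *name)
{
    char *s = NULL;
    return xasprintf(&s, "%s", name) < 0 ? NULL : s;
}

/* Returns 1 when the builder leaves the name byte-for-byte intact. */
static int name_preserved(char *(*build)(const char *), const char *name)
{
    char *s = build(name);
    int same = (s != NULL) && strcmp(s, name) == 0;
    free(s);
    return same;
}

int main(void)
{
    const char *name = "report-100%%.txt"; /* constructed; "%%" takes no argument */
    printf("as format: %d, as data: %d\n", name_preserved(name_as_format, name), name_preserved(name_as_data, name));
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag a non-literal format string passed to the real printf-family functions, which is a cheap audit for this pattern.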


