Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] New Samba package available
Date: Wed, 20 Nov 2002 21:41:01 -0800 (PST)
New Samba packages are available for Slackware 8.1 and -current
to fix a security problem and provide other bugfixes and improvements.
Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Wed Nov 20 16:51:23 PST 2002
patches/packages/samba-2.2.7-i386-1.tgz:  Upgraded to samba-2.2.7.
  Some details (based on the WHATSNEW.txt file included in samba-2.2.7):
    This fixes a security hole discovered in versions 2.2.2 through 2.2.6 of
    Samba that could potentially allow an attacker to gain root access
    on the target machine.  The word "potentially" is used because there
    is no known exploit of this bug, and the Samba Team has not been able to
    craft one ourselves. However, the seriousness of the problem warrants
    this immediate 2.2.7 release.  There was a bug in the length checking for
    encrypted password change requests from clients. A client could potentially
    send an encrypted password, which, when decrypted with the old hashed
    password could be used as a buffer overrun attack on the stack of smbd. The
    attack would have to be crafted such that converting a DOS codepage string
    to little endian UCS2 unicode would translate into an executable block of
    code.  Thanks to Steve Langasek <vorlon@debian.org> and Eloy Paris
    <peloy@debian.org> for bringing this vulnerability to our notice.
  (* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
Updated Samba package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2.2.7-i386-1.tgz

Updated Samba package for Slackware-current: 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-2.2.7-i386-1.tgz


MD5 SIGNATURES:
---------------

Here are the md5sums for the packages:

Slackware 8.1:
835f2069561251cf9649b1f60ebc21f0  samba-2.2.7-i386-1.tgz

Slackware-current:
18eff1898b289735c51895e628797733  samba-2.2.7-i386-1.tgz



+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+


Slackware® is a registered trademark of Slackware Linux, Inc. All logos and graphics are copyrighted.