Hi,
There was an announcement of a security lack in samba. Does somebody know something about a SuSE samba rpm or a patch?
Reinhard.
Yes - but only for the Enterprise products at this time I assume.

-------- Original Message --------
Subject: Maintenance Support Information {285f090d92ca61da35ead9977cfe9f0e}
Date: Tue, 18 Mar 2003 19:27:27 +0100
From: maintenance-info@suse.de

Title: Security update for Samba (package samba)
http://sdb.suse.de/en/psdb/html/285f090d92ca61da35ead9977cfe9f0e.html
_______________________________________________________

Applies to Product(s): SuSE Linux Enterprise Server 7 for IA32, SuSE Linux Office Server
Package: samba
Release: 20030318
Obsoletes: none

Indications
This patch should be applied to all systems with the Samba file and print services installed.

Contraindications
None.

Problem description
The SuSE Security Team performed a security audit of parts of the Samba package and discovered various bugs. Among these bugs an exploitable buffer overflow in the packet fragment re-assembly code has been found. It can be used by a remote attacker to gain root privileges. This strongly recommended update fixes these problems. Samba would also handle long passwords incorrectly, resulting in a buffer overflow. For this reason this version also restricts the password length to a maximum of 128 characters.

Solution
Please install the updates provided at the location noted below. Remember to update the package samba-classic as described in article "Security update for Samba (package samba-classic)" (http://sdb.suse.de/en/psdb/html/200e6de175ab5bb0464bfa94fb9346a9.html) or samba-ldap as described in article "Security update for Samba (package samba-ldap)" (http://sdb.suse.de/en/psdb/html/105d6d20f33108cfb380c9edbb4852a0.html) (depending on your setup) as well.

Installation notes
This update is provided as an RPM package that can easily be installed onto a running system by using this command:

    rpm -Fhv samba.rpm
_______________________________________________________

Please use the following links to download the packages:

SuSE Linux Enterprise Server 7 for IA32 (i386):
http://sdb.suse.de/download/i386/update/SuSE-SLES/7/rpm/samba-20030318.rpm

SuSE Linux Office Server (i386):
http://sdb.suse.de/download/i386/update/SuSE-SLOS/1.0/rpm/samba-20030318.rpm