Message-Id: <E1MZSYv-00087V-7h@titan.mandriva.com>
Date: Fri, 07 Aug 2009 18:45:01 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:196 ] samba


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:196
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : August 7, 2009
 Affected: 2009.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in samba:
 
 Multiple format string vulnerabilities in client/client.c in smbclient
 in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers
 to execute arbitrary code via format string specifiers in a filename
 (CVE-2009-1886).
 
 The acl_group_override function in smbd/posix_acls.c in smbd in Samba
 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before
 3.3.6, when dos filemode is enabled, allows remote attackers to modify
 access control lists for files via vectors related to read access to
 uninitialized memory (CVE-2009-1888).
 
 This update provides samba 3.2.13 to address these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:

 Mandriva Linux 2009.0/X86_64:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKfC47mqjQ0CJFipgRAkmVAKDi+Xf6tkPhj3JcORD5Amnalh4SqgCgwyVn
aO4amfUxj9NmDgveW0qyYhw=
=/U8f
-----END PGP SIGNATURE-----
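
Added example, not part of the Mandriva advisory: a Python check that maps an upstream Samba version string (for instance the version part of an installed package's version-release) to the CVEs listed above, using the affected ranges given in the Problem Description. The function names are illustrative, and reading "3.1.x" as the whole 3.1 branch is an assumption.

```python
import re

# Affected ranges as stated in MDVSA-2009:196, keyed by release branch.
# Each value is (low inclusive, high exclusive); None means unbounded
# within that branch.
RANGES = {
    "CVE-2009-1886": {
        (3, 2): ((3, 2, 0), (3, 2, 13)),  # 3.2.0 through 3.2.12
    },
    "CVE-2009-1888": {
        (3, 0): (None, (3, 0, 35)),       # 3.0.x before 3.0.35
        (3, 1): (None, None),             # 3.1.x (assumption: whole branch)
        (3, 2): (None, (3, 2, 13)),       # 3.2.x before 3.2.13
        (3, 3): (None, (3, 3, 6)),        # 3.3.x before 3.3.6
    },
}

def parse_version(text):
    """Return (major, minor, patch) from strings such as '3.2.12',
    'Version 3.2.12' or an RPM version-release like '3.2.13-0.2mdv2009.0'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())

def affected_cves(version_text):
    """List the advisory's CVEs whose stated range covers this upstream
    version. Vendor backports are not visible from the version alone."""
    v = parse_version(version_text)
    hits = []
    for cve, branches in RANGES.items():
        bounds = branches.get(v[:2])
        if bounds is None:          # branch not mentioned for this CVE
            continue
        low, high = bounds
        if (low is None or v >= low) and (high is None or v < high):
            hits.append(cve)
    return hits

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for sample in ("3.2.12", "3.2.13-0.2mdv2009.0", "3.0.34", "Version 3.3.5"):
        result = affected_cves(sample) or "outside the advisory ranges"
        print(f"{sample:22} -> {result}")
```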
