[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1LZsOn-0005Y6-LD@titan.mandriva.com>
Date: Wed, 18 Feb 2009 20:48:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:042 ] samba
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:042
http://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : February 18, 2009
Affected: 2009.0
_______________________________________________________________________
Problem Description:
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows
remote authenticated users to access the root filesystem via a crafted
connection request that specifies a blank share name (CVE-2009-0022).
This update provides samba 3.2.7 to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
f9672d52051da5b814933c2f764cf665 2009.0/i586/libnetapi0-3.2.7-0.1mdv2009.0.i586.rpm
8395587171c03b986d6c6debe32d421d 2009.0/i586/libnetapi-devel-3.2.7-0.1mdv2009.0.i586.rpm
419e8930d9a83af98db87db40b532159 2009.0/i586/libsmbclient0-3.2.7-0.1mdv2009.0.i586.rpm
79a9ddeaad8356546d77f40e5f8823b6 2009.0/i586/libsmbclient0-devel-3.2.7-0.1mdv2009.0.i586.rpm
674ed223557b5c9bf137782cf7a24d89 2009.0/i586/libsmbclient0-static-devel-3.2.7-0.1mdv2009.0.i586.rpm
fca38c8651f2dfc79314d4184f9bbfa0 2009.0/i586/libsmbsharemodes0-3.2.7-0.1mdv2009.0.i586.rpm
a863211596f28dc756d79896f4e9e161 2009.0/i586/libsmbsharemodes-devel-3.2.7-0.1mdv2009.0.i586.rpm
f307514ed1e44e777cc852f0314b6159 2009.0/i586/libtalloc1-3.2.7-0.1mdv2009.0.i586.rpm
642ff276c29471425bff0536aeb9bfdf 2009.0/i586/libtalloc-devel-3.2.7-0.1mdv2009.0.i586.rpm
915958f5aefa05cbcf7e9932351aaec5 2009.0/i586/libtdb1-3.2.7-0.1mdv2009.0.i586.rpm
5b0826d63a36305f2eb55cd73bce0fb0 2009.0/i586/libtdb-devel-3.2.7-0.1mdv2009.0.i586.rpm
630fdfaf7ed4bb735f904c655fd7229a 2009.0/i586/libwbclient0-3.2.7-0.1mdv2009.0.i586.rpm
625d0733d9862bee6491695001b3f495 2009.0/i586/libwbclient-devel-3.2.7-0.1mdv2009.0.i586.rpm
24b1dedd7adc4a4b8f41f4049c521190 2009.0/i586/mount-cifs-3.2.7-0.1mdv2009.0.i586.rpm
786b41af61e1231261d8a691e051e6e8 2009.0/i586/nss_wins-3.2.7-0.1mdv2009.0.i586.rpm
3e7c63f3a2252d8222054a77fe51eb0b 2009.0/i586/samba-client-3.2.7-0.1mdv2009.0.i586.rpm
0243aebbb4d47aa1fab3e8498f2bc0ed 2009.0/i586/samba-common-3.2.7-0.1mdv2009.0.i586.rpm
5fb67d67607d4e70c2395917f57143a7 2009.0/i586/samba-doc-3.2.7-0.1mdv2009.0.i586.rpm
d7231c511a3a3e99d9c611a1942e112d 2009.0/i586/samba-server-3.2.7-0.1mdv2009.0.i586.rpm
196ed3589e5cbb63de16098ee947ce78 2009.0/i586/samba-swat-3.2.7-0.1mdv2009.0.i586.rpm
bef4656a6f1d3e1e303a82ce5a5736e8 2009.0/i586/samba-winbind-3.2.7-0.1mdv2009.0.i586.rpm
20b63670ed98d96b046929b19d03b17a 2009.0/SRPMS/samba-3.2.7-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
8543b1c900940717ce87593bcd894ddd 2009.0/x86_64/lib64netapi0-3.2.7-0.1mdv2009.0.x86_64.rpm
f8a4585909a44f037d90f3f40f5408a7 2009.0/x86_64/lib64netapi-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
5e8baaab26d9b709d4b04f7bde88e9a8 2009.0/x86_64/lib64smbclient0-3.2.7-0.1mdv2009.0.x86_64.rpm
797b7746caa92c8ea28a3e1fa218659a 2009.0/x86_64/lib64smbclient0-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
b1ec784b83915df65a7f1d6c06ce46c3 2009.0/x86_64/lib64smbclient0-static-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
b4cbff234e2ce3098b79887097ec1f98 2009.0/x86_64/lib64smbsharemodes0-3.2.7-0.1mdv2009.0.x86_64.rpm
26cd1508a8d960e01b1476d64e9a073c 2009.0/x86_64/lib64smbsharemodes-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
c4ce64515ad474fcfc4a33ba78e8bc25 2009.0/x86_64/lib64talloc1-3.2.7-0.1mdv2009.0.x86_64.rpm
eff77f2eeff1b0f715da1cd6b9885122 2009.0/x86_64/lib64talloc-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
85c16b38fa72a572ff1c09d1de454fb4 2009.0/x86_64/lib64tdb1-3.2.7-0.1mdv2009.0.x86_64.rpm
937d1d412b06fe68e8bd6175c5dbb967 2009.0/x86_64/lib64tdb-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
85fd89501e053f3cd34ec78fbe140803 2009.0/x86_64/lib64wbclient0-3.2.7-0.1mdv2009.0.x86_64.rpm
9d2f55f2a15164e6188b967f99632572 2009.0/x86_64/lib64wbclient-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
f90927126796e521d371749467dc115d 2009.0/x86_64/mount-cifs-3.2.7-0.1mdv2009.0.x86_64.rpm
e51ea5546011dee07fc7f1d1dbbdf04f 2009.0/x86_64/nss_wins-3.2.7-0.1mdv2009.0.x86_64.rpm
40f9be5aafb9a4e7562479fc54414825 2009.0/x86_64/samba-client-3.2.7-0.1mdv2009.0.x86_64.rpm
22a9db213304d56ba1837a9686694478 2009.0/x86_64/samba-common-3.2.7-0.1mdv2009.0.x86_64.rpm
d24f54f23ddf196170c2fe8e149e853f 2009.0/x86_64/samba-doc-3.2.7-0.1mdv2009.0.x86_64.rpm
b3e8420a896d9defaebc749abceb5eb2 2009.0/x86_64/samba-server-3.2.7-0.1mdv2009.0.x86_64.rpm
138562ffad186da5c639241c4d7971e5 2009.0/x86_64/samba-swat-3.2.7-0.1mdv2009.0.x86_64.rpm
cff49e288971a75d4e2b5c812ed36a53 2009.0/x86_64/samba-winbind-3.2.7-0.1mdv2009.0.x86_64.rpm
20b63670ed98d96b046929b19d03b17a 2009.0/SRPMS/samba-3.2.7-0.1mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJnDspmqjQ0CJFipgRAoziAJ95i+DU7idd4Z7cHdggnQiYhWWVkACggd3b
9QVCycWgndaXOr0nP7P/8bo=
=tWVM
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists