Date: 18 Nov 2004 23:48:30 -0000
From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2004:136 - Updated samba packages fix remote vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: samba
Advisory ID: MDKSA-2004:136
Date: November 18th, 2004
Affected versions: 10.0, 10.1
______________________________________________________________________
Problem Description:
Stefan Esser discovered that invalid bounds checking in reply to
certain trans2 requests could result in a buffer overrun in smbd.
This can only be exploited by a malicious user able to create files
with very specific Unicode filenames on a samba share.
The updated packages have been patched to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
9b1cbb94f9b6a29f4db47d6362c7dc59 10.0/RPMS/libsmbclient0-3.0.6-4.3.100mdk.i586.rpm
13d208678296f156851550d2fa6be003 10.0/RPMS/libsmbclient0-devel-3.0.6-4.3.100mdk.i586.rpm
41ed3906b38c216647f0b4abb2b0e148 10.0/RPMS/libsmbclient0-static-devel-3.0.6-4.3.100mdk.i586.rpm
2949c6f12e1ae592d7d25cdd418cf3ab 10.0/RPMS/nss_wins-3.0.6-4.3.100mdk.i586.rpm
81851b7b52e2db6271af33820b0d9e7f 10.0/RPMS/samba-client-3.0.6-4.3.100mdk.i586.rpm
efde2c032fb6f83a1d8c4628790b9946 10.0/RPMS/samba-common-3.0.6-4.3.100mdk.i586.rpm
714bb9e00bf4452854c90caced2551a4 10.0/RPMS/samba-doc-3.0.6-4.3.100mdk.i586.rpm
1b31b3fe682ecd29d089e9128647cc77 10.0/RPMS/samba-passdb-mysql-3.0.6-4.3.100mdk.i586.rpm
48ba46d5f50b50dcfb8f38fd6bd719e5 10.0/RPMS/samba-passdb-pgsql-3.0.6-4.3.100mdk.i586.rpm
4e0e3b905b2fe0127ecfc08e1da3796e 10.0/RPMS/samba-passdb-xml-3.0.6-4.3.100mdk.i586.rpm
888317c3b5fa0c9463e163b7c73075b7 10.0/RPMS/samba-server-3.0.6-4.3.100mdk.i586.rpm
109efb2384cda0e3016c0b288f710e87 10.0/RPMS/samba-swat-3.0.6-4.3.100mdk.i586.rpm
cef9d2b07f8355c02d69986d2afddb33 10.0/RPMS/samba-winbind-3.0.6-4.3.100mdk.i586.rpm
10c369789d118dab97c86f28e4207ce5 10.0/SRPMS/samba-3.0.6-4.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
8d810908b095dc8672eb7819bd15f0b2 amd64/10.0/RPMS/lib64smbclient0-3.0.6-4.3.100mdk.amd64.rpm
27a93b3cf869598fa23a37392c69d339 amd64/10.0/RPMS/lib64smbclient0-devel-3.0.6-4.3.100mdk.amd64.rpm
557e63312a94f1bdc42982f240d140ca amd64/10.0/RPMS/lib64smbclient0-static-devel-3.0.6-4.3.100mdk.amd64.rpm
8e7cd945f7d406a049d7d8e79afc97b4 amd64/10.0/RPMS/nss_wins-3.0.6-4.3.100mdk.amd64.rpm
06873271e882b5f00b72b7733664cb0a amd64/10.0/RPMS/samba-client-3.0.6-4.3.100mdk.amd64.rpm
fff4d9c9aa1d33a2b5c9c9a60e87a145 amd64/10.0/RPMS/samba-common-3.0.6-4.3.100mdk.amd64.rpm
83404ba5b9b0a65ecdd820fc6fa4423c amd64/10.0/RPMS/samba-doc-3.0.6-4.3.100mdk.amd64.rpm
efdd9b19800f9f076a7e4e0c1314fd35 amd64/10.0/RPMS/samba-passdb-mysql-3.0.6-4.3.100mdk.amd64.rpm
436ec72f9ad76315e37906f6d5699a17 amd64/10.0/RPMS/samba-passdb-pgsql-3.0.6-4.3.100mdk.amd64.rpm
415491ad3ade4577113d240ad98a88f2 amd64/10.0/RPMS/samba-passdb-xml-3.0.6-4.3.100mdk.amd64.rpm
6ae1e74ad89e997b9caf15b4a65a78ea amd64/10.0/RPMS/samba-server-3.0.6-4.3.100mdk.amd64.rpm
623364413e9634f06e0e0cbf990535ce amd64/10.0/RPMS/samba-swat-3.0.6-4.3.100mdk.amd64.rpm
809e3c4b6faca289d76e23438df4bf07 amd64/10.0/RPMS/samba-winbind-3.0.6-4.3.100mdk.amd64.rpm
10c369789d118dab97c86f28e4207ce5 amd64/10.0/SRPMS/samba-3.0.6-4.3.100mdk.src.rpm
Mandrakelinux 10.1:
7701679643c47d6123b6552e46c22919 10.1/RPMS/libsmbclient0-3.0.7-2.2.101mdk.i586.rpm
90cdd7197c880c093bbcd02633f06e04 10.1/RPMS/libsmbclient0-devel-3.0.7-2.2.101mdk.i586.rpm
eef0fdf0c63aaf7ea38040f08a44c0ff 10.1/RPMS/libsmbclient0-static-devel-3.0.7-2.2.101mdk.i586.rpm
2303f39d131fdc6e85c4e7b3d29eab30 10.1/RPMS/nss_wins-3.0.7-2.2.101mdk.i586.rpm
0171975fe323cf1d7ac036087a7e967e 10.1/RPMS/samba-client-3.0.7-2.2.101mdk.i586.rpm
8aabb86ac1d0235d5f95353a52f2ee62 10.1/RPMS/samba-common-3.0.7-2.2.101mdk.i586.rpm
7a2537f0534ae7e643e21671b5a77cba 10.1/RPMS/samba-doc-3.0.7-2.2.101mdk.i586.rpm
5efc2a327a946a7266daabe64ebf6ed8 10.1/RPMS/samba-passdb-mysql-3.0.7-2.2.101mdk.i586.rpm
f48c3bc088a21e71eba00e7d18dc3538 10.1/RPMS/samba-passdb-pgsql-3.0.7-2.2.101mdk.i586.rpm
3a5483ec112532ffb1e7bc8d7ab3722d 10.1/RPMS/samba-passdb-xml-3.0.7-2.2.101mdk.i586.rpm
42c0de84041d35a6608a4434c3f0aee1 10.1/RPMS/samba-server-3.0.7-2.2.101mdk.i586.rpm
16a096aaf7504e4462828f171d42e924 10.1/RPMS/samba-swat-3.0.7-2.2.101mdk.i586.rpm
7f173153c61f02902aaf3290e964fdd9 10.1/RPMS/samba-vscan-clamav-3.0.7-2.2.101mdk.i586.rpm
4b91a38b17f12fd70b4cc394a239a170 10.1/RPMS/samba-vscan-icap-3.0.7-2.2.101mdk.i586.rpm
4cd663bc68e60bb769730526d0f0a3d5 10.1/RPMS/samba-winbind-3.0.7-2.2.101mdk.i586.rpm
b08516b0a07d8869f4a551a107567b27 10.1/SRPMS/samba-3.0.7-2.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
3ddaefe4af1c36f8c6a536824bb5c068 x86_64/10.1/RPMS/lib64smbclient0-3.0.7-2.2.101mdk.x86_64.rpm
01aac06976ee04a1c92f5f2b2c44630c x86_64/10.1/RPMS/lib64smbclient0-devel-3.0.7-2.2.101mdk.x86_64.rpm
471a7bc9b457b84ccc2cf64195ea8425 x86_64/10.1/RPMS/lib64smbclient0-static-devel-3.0.7-2.2.101mdk.x86_64.rpm
aca44dd76958e392e0a3d7ed98d9c60c x86_64/10.1/RPMS/nss_wins-3.0.7-2.2.101mdk.x86_64.rpm
c03d10fe41f44d3e4966bfd14cc72bb3 x86_64/10.1/RPMS/samba-client-3.0.7-2.2.101mdk.x86_64.rpm
06d40afd3b15849ffabb17f0a0240602 x86_64/10.1/RPMS/samba-common-3.0.7-2.2.101mdk.x86_64.rpm
406a507ee4aec3134401991cdb84f361 x86_64/10.1/RPMS/samba-doc-3.0.7-2.2.101mdk.x86_64.rpm
17c9c6e774650e0411e5b7a841583ce2 x86_64/10.1/RPMS/samba-passdb-mysql-3.0.7-2.2.101mdk.x86_64.rpm
635a5fbe750423abbdb26003d01eda6b x86_64/10.1/RPMS/samba-passdb-pgsql-3.0.7-2.2.101mdk.x86_64.rpm
9cf5f0dbe5959add0585f1db33f4cebf x86_64/10.1/RPMS/samba-passdb-xml-3.0.7-2.2.101mdk.x86_64.rpm
c34bc9d57dcf5f0996463207e43d2810 x86_64/10.1/RPMS/samba-server-3.0.7-2.2.101mdk.x86_64.rpm
c95fd60d5ffd00cadb994dc60536a8cb x86_64/10.1/RPMS/samba-swat-3.0.7-2.2.101mdk.x86_64.rpm
046c451eb67072dc6b375eb902cd73d6 x86_64/10.1/RPMS/samba-vscan-clamav-3.0.7-2.2.101mdk.x86_64.rpm
4796c8108dd6f62c36920d6d6b603fdd x86_64/10.1/RPMS/samba-vscan-icap-3.0.7-2.2.101mdk.x86_64.rpm
c2b00282b990cf775c09171fbfb077c2 x86_64/10.1/RPMS/samba-winbind-3.0.7-2.2.101mdk.x86_64.rpm
b08516b0a07d8869f4a551a107567b27 x86_64/10.1/SRPMS/samba-3.0.7-2.2.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
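For packages downloaded by hand rather than through MandrakeUpdate or urpmi, the checksum list above can be checked mechanically. The following is an added example, not part of the original advisory or of Mandrakesoft's tooling: it parses the "md5 path" lines under each "Mandrakelinux <release>:" heading and compares them with the files in a download directory. The function names and the demo package are constructed for illustration, and a matching MD5 only shows that a file agrees with the advisory text, so the GPG signature on the advisory and packages remains the trust anchor.

```python
import hashlib
import re
from pathlib import Path

# One manifest entry: 32 hex digits, whitespace, relative path ending in .rpm.
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_manifest(text):
    """Return {release: {package filename: md5}} from advisory text."""
    manifest, release = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Mandrakelinux ") and line.endswith(":"):
            release = line[len("Mandrakelinux "):-1]
            manifest[release] = {}
        elif release and (m := ENTRY.match(line)):
            manifest[release][Path(m.group(2)).name] = m.group(1)
    return manifest

def md5_of(path, chunk=1 << 20):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            digest.update(block)
    return digest.hexdigest()

def check_downloads(manifest, release, directory):
    """Mark each listed package ok, MISMATCH or missing; flag unlisted .rpm files."""
    expected = manifest[release]
    report = {}
    for name, want in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            report[name] = "missing"
        else:
            report[name] = "ok" if md5_of(path) == want else "MISMATCH"
    for path in Path(directory).glob("*.rpm"):
        if path.name not in expected:
            report[path.name] = "unlisted"
    return report

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in package and manifest, not values from the advisory.
        (Path(tmp) / "demo-1.0-1mdk.i586.rpm").write_bytes(b"constructed package body")
        good = hashlib.md5(b"constructed package body").hexdigest()
        advisory = f"Mandrakelinux 10.1:\n{good} 10.1/RPMS/demo-1.0-1mdk.i586.rpm\n"
        print(check_downloads(parse_manifest(advisory), "10.1", tmp))
```

A "MISMATCH" or "unlisted" result means the file should not be installed until it has been re-fetched and its package signature checked.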
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBnTTOmqjQ0CJFipgRAn3OAKCRgjxjBTQy6q7VoMcY+OeV+c7m2QCfTk97
xwaFXT3MKVPFuHyWzG6sZrg=
=kyaT
-----END PGP SIGNATURE-----