October 2, 2009

[installer 2093] samba-3.0.37, 3.2.15, 3.3.8, 3.4.2

samba-3.0.37, 3.2.15, 3.3.8, and 3.4.2 have been released.

These releases fix multiple security holes. See:
http://www.samba.org/samba/security/CVE-2009-2813.html
http://www.samba.org/samba/security/CVE-2009-2906.html
http://www.samba.org/samba/security/CVE-2009-2948.html

☆ samba-3.0.37
http://samba.org/
http://www.samba.org/samba/ftp/samba-3.0.37.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.0.37.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.0.37.tar.gz

==============================
Release Notes for Samba 3.0.37
October 1, 2009
==============================


This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
Please note that Samba 3.0 is not maintained any longer. This security
release is shipped on a voluntary basis.

o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.

o CVE-2009-2948:
If mount.cifs is installed as a setuid program, a user can pass it a
credential or password path to which he or she does not have access and
then use the --verbose option to view the first line of that file.

o CVE-2009-2906:
Specially crafted SMB requests on authenticated SMB connections can
send smbd into a 100% CPU loop, causing a DoS on the Samba server.


######################################################################
Changes
#######

Changes since 3.0.36
--------------------


o Jeremy Allison <jra@xxxxx>
* BUG 6763: Fix for CVE-2009-2813.
* BUG 6768: Fix for CVE-2009-2906.


o Jeff Layton <jlayton@xxxxx>
* Fix for CVE-2009-2948.


☆ samba-3.2.15
http://samba.org/
http://www.samba.org/samba/ftp/samba-3.2.15.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.2.15.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.2.15.tar.gz

==============================
Release Notes for Samba 3.2.15
October 1, 2009
==============================


This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.

o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.

o CVE-2009-2948:
If mount.cifs is installed as a setuid program, a user can pass it a
credential or password path to which he or she does not have access and
then use the --verbose option to view the first line of that file.
All known Samba versions are affected.

o CVE-2009-2906:
Specially crafted SMB requests on authenticated SMB connections can
send smbd into a 100% CPU loop, causing a DoS on the Samba server.


######################################################################
Changes
#######

Changes since 3.2.14
--------------------


o Jeremy Allison <jra@xxxxx>
* BUG 6763: Fix for CVE-2009-2813.
* BUG 6768: Fix for CVE-2009-2906.


o Jeff Layton <jlayton@xxxxx>
* Fix for CVE-2009-2948.


☆ samba-3.3.8
http://samba.org/
http://www.samba.org/samba/ftp/samba-3.3.8.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.3.8.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.3.8.tar.gz

=============================
Release Notes for Samba 3.3.8
October 1, 2009
=============================


This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.

o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.

o CVE-2009-2948:
If mount.cifs is installed as a setuid program, a user can pass it a
credential or password path to which he or she does not have access and
then use the --verbose option to view the first line of that file.
All known Samba versions are affected.

o CVE-2009-2906:
Specially crafted SMB requests on authenticated SMB connections can
send smbd into a 100% CPU loop, causing a DoS on the Samba server.


######################################################################
Changes
#######

Changes since 3.3.7
-------------------


o Jeremy Allison <jra@xxxxx>
* BUG 6763: Fix for CVE-2009-2813.
* BUG 6768: Fix for CVE-2009-2906.


o Jeff Layton <jlayton@xxxxx>
* Fix for CVE-2009-2948.


☆ samba-3.4.2
http://samba.org/
http://www.samba.org/samba/ftp/samba-3.4.2.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.4.2.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.4.2.tar.gz

=============================
Release Notes for Samba 3.4.2
October 1, 2009
=============================


This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.

o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.

o CVE-2009-2948:
If mount.cifs is installed as a setuid program, a user can pass it a
credential or password path to which he or she does not have access and
then use the --verbose option to view the first line of that file.
All known Samba versions are affected.

o CVE-2009-2906:
Specially crafted SMB requests on authenticated SMB connections can
send smbd into a 100% CPU loop, causing a DoS on the Samba server.


######################################################################
Changes
#######

Changes since 3.4.1
-------------------


o Jeremy Allison <jra@xxxxx>
* BUG 6763: Fix for CVE-2009-2813.
* BUG 6768: Fix for CVE-2009-2906.


o Jeff Layton <jlayton@xxxxx>
* Fix for CVE-2009-2948.

----
こがよういちろう


Posted by xml-rpc: October 2, 2009 12:27
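
The following is an added example, not part of the original post or of the Samba release notes: a read-only shell check for the two local preconditions described above, an empty home directory field in a passwd-format file (CVE-2009-2813) and a setuid mount.cifs binary (CVE-2009-2948). The function names, the constructed sample passwd data and the /sbin/mount.cifs path are assumptions.

```shell
#!/bin/sh
# Added example: audit a host for the local misconfigurations named in the
# release notes. All checks are read-only.

# Print login names from a passwd-format file whose home directory
# (field 6) is empty. Comment lines and blank lines are skipped.
empty_home_users() {
    awk -F: '/^#/ { next } NF >= 6 && $6 == "" { print $1 }' "$1"
}

# Succeed (exit status 0) if the file exists and has the setuid bit set.
is_setuid() {
    [ -u "$1" ]
}

# Constructed sample passwd data, for demonstration only.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:1001:Bob::/bin/sh
# carol:x:1002:1002:Carol::/bin/sh
svc:x:1003:1003:::/usr/sbin/nologin
EOF
}

# Report both preconditions; returns 1 if any finding was printed.
audit() {
    passwd_file=$1
    mount_cifs=$2
    status=0
    for u in $(empty_home_users "$passwd_file"); do
        echo "WARN: user '$u' has an empty home directory (CVE-2009-2813 precondition)"
        status=1
    done
    if is_setuid "$mount_cifs"; then
        echo "WARN: $mount_cifs is setuid (CVE-2009-2948 precondition)"
        status=1
    fi
    return $status
}

# Typical invocation; both paths are assumptions for a common Linux layout.
# audit /etc/passwd /sbin/mount.cifs
```

On hosts where accounts come from a directory service rather than the local file, the output of `getent passwd` can be saved to a file and passed to `empty_home_users` instead of /etc/passwd.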