2010年9月15日

[installer 2505] samba-3.5.5, 3.4.9, 3.3.14

samba-3.5.5, 3.4.9, 3.3.14 出ています。

セキュリティホールの修正が含まれています。
http://samba.org/samba/security/CVE-2010-3069.html
参照のこと。

☆ samba-3.5.5
http://samba.org/

http://www.samba.org/samba/ftp/samba-3.5.5.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.5.5.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.5.5.tar.gz

=============================
Release Notes for Samba 3.5.5
September 14, 2010
=============================


This is a security release in order to address CVE-2010-3069.


o CVE-2010-3069:
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.


Changes since 3.5.4
--------------------


o Jeremy Allison <jra@xxxxx>
* BUG 7669: Fix for CVE-2010-3069.


o Andrew Bartlett <abartlet@xxxxx>
* BUG 7669: Fix for CVE-2010-3069.


☆ samba-3.4.9
http://samba.org/
http://www.samba.org/samba/ftp/samba-3.4.9.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.4.9.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.4.9.tar.gz

=============================
Release Notes for Samba 3.4.9
September 14, 2010
=============================


This is a security release in order to address CVE-2010-3069.


o CVE-2010-3069:
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.


Changes since 3.4.8
-------------------


o Jeremy Allison <jra@xxxxx>
* BUG 7669: Fix for CVE-2010-3069.


o Andrew Bartlett <abartlet@xxxxx>
* BUG 7669: Fix for CVE-2010-3069.


☆ samba-3.3.14
http://samba.org/
http://www.samba.org/samba/ftp/samba-3.3.14.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.3.14.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.3.14.tar.gz

==============================
Release Notes for Samba 3.3.14
September 14, 2010
==============================


This is a security release in order to address CVE-2010-3069.


o CVE-2010-3069:
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.


Changes since 3.3.13
--------------------


o Jeremy Allison <jra@xxxxx>
* BUG 7669: Fix for CVE-2010-3069.


o Andrew Bartlett <abartlet@xxxxx>
* BUG 7669: Fix for CVE-2010-3069.

----
こがよういちろう


投稿者 xml-rpc : 2010年9月15日 09:45
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/98422
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。