-----BEGIN PGP SIGNED MESSAGE-----


The version of samba as distributed in Debian GNU/Linux 2.1 has a couple of
security problems:
* a Denial-of-Service attack against nmbd was possible
* it was possible to exploit smbd if you had a message command defined
  which used the %f or %M formatter.
* smbmnt's check to see if a user is allowed to create a mount was flawed
  which allowed users to mount at arbitraty mountpoints in the filesystem

These problems have been fixed in version 2.0.5a-1. We recommend you upgrade
your samba packages immediately.

Please note that this is a major upgrade so please be careful when you upgrade
since some changes to the configuration file might be necessary. The 
configuration
file also moved to a new location (/etc/samba).

The smbfsx package is also obsolete with this update and has been replaced by
smbfs, which can handle both 2.0 and 2.2 kernels now.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  Source archives:
          MD5 checksum: 1354ea63f79e7fa0b4b71685dbac118b
          MD5 checksum: e51aeb259913179b60dbddd0b9e70bf5
    .
tar.gz
      MD5 checksum: 497e5f98ed9b520b18e926ff2f7307ba

  Architecture indendent archives:
          MD5 checksum: a9c1addcff72605f66a2334eef5e25ef

  Alpha architecture:
          MD5 checksum: 48b9651e2cefd6f6ad820ded9ebc9191
          MD5 checksum: 9bb86e810254fe59feb02e817815b64f
          MD5 checksum: 54a89ad98e1167a3265ff30881618b3f
          MD5 checksum: 596e22cdf0848fcffd1885f16b38cf83
          MD5 checksum: 5003fb2a3555daddd3d877529ac65e1e
          MD5 checksum: e99ec78abdac4a8ab1348773e3fa32cd

  Intel ia32 architecture:
          MD5 checksum: eb8b9aa964912975db301f1e83919d36
          MD5 checksum: 799ab1a56dd726548c33a130edfb9231
          MD5 checksum: f5db7b12b67b24048d7ff915c9ec77ee
          MD5 checksum: b6e90edf5db22cf3952a01f726cb7dd7
          MD5 checksum: afabbae0e5ffdd03475a302586d75be5
          MD5 checksum: bd235e608944c7cd3cc7a17fceab0199

  Motorola 680x0 architecture:
          MD5 checksum: 91d8b04d9ef76ca08fff5938007eb235
          MD5 checksum: 6404ca678a20ad17e44b6c74cc3182a1
          MD5 checksum: 37f0a04da50f9880b22cb3eaf27b2794
          MD5 checksum: 3685040bee6e01039f6588f97dab2c26
          MD5 checksum: 1a43221c50137cbf5d94f7ad90ab548e
          MD5 checksum: 7b5e610c9b044fe81ac66881ea59af64

  Sun Sparc architecture:
          MD5 checksum: f4713291f719de2f32543e0fc37506ea
          MD5 checksum: afb22260c07c60e4afd390bb3e108674
          MD5 checksum: 28b22378ddb79b05d29b4b4fac2038c4
          MD5 checksum: 8747b52257b451a1e19c93ea10048369
          MD5 checksum: 420bfe236fcc1591175acd7eb3ad83e0
          MD5 checksum: 38380d76284421c18e557e2d3a413a62

  These files will be moved into
   soon.

For not yet released architectures please refer to the appropriate
directory  .

- -- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
   .     .   


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN6IrDKjZR/ntlUftAQEmjAL/RGbp66V6Mf99rfM6i+flJiR0/3r+FfNO
hQFTAkQ0avO+ta/rgeiVDFuBV0Paw60bPyObBB9ey7+P3ZCtNMKN9jQQHUMwBTCM
6nPq4bbgAxInR3AvDiIOcn//JWR7ShOM
=s865
-----END PGP SIGNATURE-----

New version of samba released

December 13, 1999
The version of samba as distributed in Debian GNU/Linux 2.1 has a couple ofsecurity problems:* a Denial-of-Service attack against nmbd was possible* it was possible to exploit smbd...

Summary

The version of samba as distributed in Debian GNU/Linux 2.1 has a couple of
security problems:
* a Denial-of-Service attack against nmbd was possible
* it was possible to exploit smbd if you had a message command defined
which used the %f or %M formatter.
* smbmnt's check to see if a user is allowed to create a mount was flawed
which allowed users to mount at arbitraty mountpoints in the filesystem

These problems have been fixed in version 2.0.5a-1. We recommend you upgrade
your samba packages immediately.

Please note that this is a major upgrade so please be careful when you upgrade
since some changes to the configuration file might be necessary. The
configuration
file also moved to a new location (/etc/samba).

The smbfsx package is also obsolete with this update and has been replaced by
smbfs, which can handle both 2.0 and 2.2 kernels now.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.

Source archives:
MD5 checksum: 1354ea63f79e7fa0b4b71685dbac118b
MD5 checksum: e51aeb259913179b60dbddd0b9e70bf5
.
tar.gz
MD5 checksum: 497e5f98ed9b520b18e926ff2f7307ba

Architecture indendent archives:
MD5 checksum: a9c1addcff72605f66a2334eef5e25ef

Alpha architecture:
MD5 checksum: 48b9651e2cefd6f6ad820ded9ebc9191
MD5 checksum: 9bb86e810254fe59feb02e817815b64f
MD5 checksum: 54a89ad98e1167a3265ff30881618b3f
MD5 checksum: 596e22cdf0848fcffd1885f16b38cf83
MD5 checksum: 5003fb2a3555daddd3d877529ac65e1e
MD5 checksum: e99ec78abdac4a8ab1348773e3fa32cd

Intel ia32 architecture:
MD5 checksum: eb8b9aa964912975db301f1e83919d36
MD5 checksum: 799ab1a56dd726548c33a130edfb9231
MD5 checksum: f5db7b12b67b24048d7ff915c9ec77ee
MD5 checksum: b6e90edf5db22cf3952a01f726cb7dd7
MD5 checksum: afabbae0e5ffdd03475a302586d75be5
MD5 checksum: bd235e608944c7cd3cc7a17fceab0199

Motorola 680x0 architecture:
MD5 checksum: 91d8b04d9ef76ca08fff5938007eb235
MD5 checksum: 6404ca678a20ad17e44b6c74cc3182a1
MD5 checksum: 37f0a04da50f9880b22cb3eaf27b2794
MD5 checksum: 3685040bee6e01039f6588f97dab2c26
MD5 checksum: 1a43221c50137cbf5d94f7ad90ab548e
MD5 checksum: 7b5e610c9b044fe81ac66881ea59af64

Sun Sparc architecture:
MD5 checksum: f4713291f719de2f32543e0fc37506ea
MD5 checksum: afb22260c07c60e4afd390bb3e108674
MD5 checksum: 28b22378ddb79b05d29b4b4fac2038c4
MD5 checksum: 8747b52257b451a1e19c93ea10048369
MD5 checksum: 420bfe236fcc1591175acd7eb3ad83e0
MD5 checksum: 38380d76284421c18e557e2d3a413a62

These files will be moved into
soon.

For not yet released architectures please refer to the appropriate
directory .

- --
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
. .


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN6IrDKjZR/ntlUftAQEmjAL/RGbp66V6Mf99rfM6i+flJiR0/3r+FfNO
hQFTAkQ0avO+ta/rgeiVDFuBV0Paw60bPyObBB9ey7+P3ZCtNMKN9jQQHUMwBTCM
6nPq4bbgAxInR3AvDiIOcn//JWR7ShOM
=s865
-----END PGP SIGNATURE-----




Severity

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved