LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 5 Update: samba-3.0.24-5.fc5 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora This release of Samba fixes some Serious security bugs, CVE-2007-2444, CVE-2007-2446 and CVE-2007-2447. Fixes the security bugs which causes a Samba smbd denial of service.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-506
2007-05-14
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : samba
Version     : 3.0.24
Release     : 5.fc5
Summary     : The Samba SMB server.
Description :

Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB server that can be used to
provide network services to SMB (sometimes called "Lan Manager")
clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

---------------------------------------------------------------------
Update Information:

This release of Samba fixes some Serious security bugs:
- CVE-2007-2444
- CVE-2007-2446
- CVE-2007-2447

Official upstream announcements here:
http://www.samba.org/samba/security/CVE-2007-2444.html
http://www.samba.org/samba/security/CVE-2007-2446.html
http://www.samba.org/samba/security/CVE-2007-2447.html
---------------------------------------------------------------------
* Mon May 14 2007 Simo Sorce  3.0.24-5.fc5
- Security fixes for
  CVE-2007-2444
  CVE-2007-2446
  CVE-2007-2447
* Thu Apr  5 2007 Simo Sorce  3.0.24-4.fc5
- sync up patches from the rawhide packages
* Wed Mar 28 2007 Simo Sorce  3.0.24-3.fc5
- add patch for bug 176649
* Mon Mar 26 2007 Simo Sorce 
- remove patch for bug 106483 as it introduces a new bug that prevents
  the use of a credentials file with the smbclient tar command
* Fri Mar 23 2007 Simo Sorce  3.0.24-2.fc5
- fix log rotate script to no kill -HUP samba daemons
* Fri Mar 23 2007 Simo Sorce  3.0.24-2.fc5
- A newer cups lib introduced new symbols now we depend on,
  adjust dependencies to require the latest cups-libs package.
* Wed Feb  7 2007 Jay Fenlason  3.0.24-1.fc5
- New upstream release
- Update the -man patch to work with 3.0.24
- This release
  fixes CVE-2007-0452 Samba smbd denial of service
* Tue Sep 26 2006 Jay Fenlason  3.0.23c-1.fc5
- Include the newer smb.init that includes the configtest option
- Upgrade to 3.0.23c, obsoleting the -samr_alias patch.
* Wed Aug  9 2006 Jay Fenlason  3.0.23b-1.fc5
- New upstream release, fixing some annoying bugs.
* Mon Jul 24 2006 Jay Fenlason  3.0.23a-1.fc5.1
- Fix the -logfiles patch to close
  bz#199607 Samba compiled with wrong log path.
  bz#199206 smb.conf has incorrect log file path
* Mon Jul 24 2006 Jay Fenlason  3.0.23a-1.fc5
- Upgrade to new upstream 3.0.23a
- include upstream samr_alias patch
* Wed Jul 12 2006 Jay Fenlason  3.0.23-1.fc5
- Upgrade to 3.0.23 to close
  bz#197836 CVE-2006-3403 Samba denial of service
- include related spec file, filter-requires-samba.sh and patch changes
  from rawhide.
- include the fixed smb.init file from rawhide, closing
  bz#182560 Wrong retval for initscript when smbd is dead

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

7863d7676375e34a4ec654ca2f8c75a7f20b2a69  SRPMS/samba-3.0.24-5.fc5.src.rpm
7863d7676375e34a4ec654ca2f8c75a7f20b2a69  noarch/samba-3.0.24-5.fc5.src.rpm
1db6b849abd55b7fe2673ad44bc1c2c622ac5653  ppc/samba-common-3.0.24-5.fc5.ppc.rpm
279cf8da0b9d8addbbb0c7bb85e486a585b4aa40  ppc/samba-swat-3.0.24-5.fc5.ppc.rpm
8f37d7ab9e8e342ef55f092d3d2bc5156f53c79d  ppc/samba-client-3.0.24-5.fc5.ppc.rpm
5e9d4f7a56e9e848a66d152010eaec3ab5effe96  ppc/samba-3.0.24-5.fc5.ppc.rpm
1b72c4bd70e0544bd8ef12d11e38c531c5a264c0  ppc/debug/samba-debuginfo-3.0.24-5.fc5.ppc.rpm
3a689565ba1d6b4085265fcef5437572ceff609e  x86_64/debug/samba-debuginfo-3.0.24-5.fc5.x86_64.rpm
9df353905246559fb108377c1d3ddd42ce720b8f  x86_64/samba-common-3.0.24-5.fc5.x86_64.rpm
106746400b2dcb73aef2144e6cdfb8d392f3c3f4  x86_64/samba-swat-3.0.24-5.fc5.x86_64.rpm
8c2a533b52e006f42e2607cbbd315bb1743a77f6  x86_64/samba-client-3.0.24-5.fc5.x86_64.rpm
c80d2b934a23a3e0697e29a323b100337d7df851  x86_64/samba-3.0.24-5.fc5.x86_64.rpm
ea9579c77fd3ec61fa3a9ae3c1a6d993a23ae79f  i386/samba-client-3.0.24-5.fc5.i386.rpm
dd15ab53deb35f7e939cbb5de9b4776cb6ca5d3d  i386/samba-common-3.0.24-5.fc5.i386.rpm
f6f8a043b8b915b01c54d4c3c7e1053b939877af  i386/debug/samba-debuginfo-3.0.24-5.fc5.i386.rpm
e0be2decc1c44265f5bc42fe41bc5d369d569041  i386/samba-3.0.24-5.fc5.i386.rpm
e64f8fc609d7ef302a599366f585f5b1535bfaa8  i386/samba-swat-3.0.24-5.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.