A security flaw has been identified in the Samba software package on the Fedora 13 and 14 operating systems. Samba is an implementation of the SMB (Server Message Block) protocol, intended for sharing printers, files and information over a computer network. The vulnerability relates to the way the package handles the file descriptor set data structure (fd_set). A remote attacker who obtains the right to open files on a Samba server could gain the ability to execute arbitrary malicious code. The attacker could also launch a denial-of-service attack. All users are advised to upgrade the package.
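An fd_set is a fixed-size bitmap of FD_SETSIZE bits, so passing FD_SET a descriptor outside the range 0..FD_SETSIZE-1 touches memory outside the set. The following C sketch is an added example of the range check that guards against this class of bug; it is not Samba's code and not the actual fix, and the helper names (`fd_fits_in_set`, `checked_fd_set`, `build_read_set`) and the sample descriptor list are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper: true only if fd has a slot inside an fd_set bitmap. */
static bool fd_fits_in_set(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Hypothetical wrapper around FD_SET: rejects out-of-range descriptors
 * instead of letting the macro write outside the bitmap. */
static bool checked_fd_set(int fd, fd_set *set, int *maxfd)
{
    if (set == NULL || !fd_fits_in_set(fd))
        return false;
    FD_SET(fd, set);
    if (maxfd != NULL && fd > *maxfd)
        *maxfd = fd;
    return true;
}

/* Builds a read set from a list of descriptors and returns how many were
 * rejected; the caller must handle those some other way (close them,
 * refuse the request, or use poll(), which has no FD_SETSIZE limit). */
static int build_read_set(const int *fds, int n, fd_set *set, int *maxfd)
{
    int rejected = 0;

    FD_ZERO(set);
    *maxfd = -1;
    for (int i = 0; i < n; i++) {
        if (!checked_fd_set(fds[i], set, maxfd))
            rejected++;
    }
    return rejected;
}

int main(void)
{
    /* Constructed sample: two ordinary descriptors and three that an
     * unchecked FD_SET would place outside the bitmap. */
    int fds[] = { 3, 7, FD_SETSIZE, -1, FD_SETSIZE + 100 };
    fd_set set;
    int maxfd;
    int rejected = build_read_set(fds, 5, &set, &maxfd);

    printf("rejected=%d maxfd=%d FD_SETSIZE=%d\n", rejected, maxfd, FD_SETSIZE);
    return 0;
}
```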

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3120
2011-03-11 20:24:37
--------------------------------------------------------------------------------

Name        : samba
Product     : Fedora 13
Version     : 3.5.8
Release     : 74.fc13
URL         : http://www.samba.org/
Summary     : Server and Client software to interoperate with Windows machines
Description :

Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB/CIFS server that can be used to
provide network services to SMB/CIFS clients.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  8 2011 Guenther Deschner - 3.5.8-74
- Update to 3.5.8
- resolves: #617482
* Thu Mar  3 2011 Guenther Deschner - 3.5.7-73
- Security update to 3.5.7 to address CVE-2011-0719
- resolves: #681852
* Thu Jan  6 2011 Guenther Deschner - 3.5.6-72
- Fix GSSAPI checksum for some SMB servers
- resolves: #667644
* Thu Nov 18 2010 Guenther Deschner - 3.5.6-71
- Fix libsmbclient SMB signing
- resolves: #598620
* Mon Nov  1 2010 Guenther Deschner - 3.5.6-70
- Handle no network case in init scripts
- resolves: #604147
* Fri Oct  8 2010 Guenther Deschner - 3.5.6-69
- Update to 3.5.6
- resolves: #617771
* Thu Sep  9 2010 Guenther Deschner - 3.5.5-68
- Security Release, fixes CVE-2010-3069
- resolves: #630869
* Thu Aug 26 2010 Guenther Deschner - 3.5.4-67
- Put winbind krb5 locator plugin into a separate rpm
- resolves: #627181
* Tue Aug 24 2010 Guenther Deschner - 3.5.4-66
- More fixes for winbind schannel
* Thu Aug 19 2010 Guenther Deschner - 3.5.4-65
- Fix winbind default domain
- related: #618201
* Wed Aug 18 2010 Guenther Deschner - 3.5.4-64
- Fix offline authentication
- resolves: #618201
* Tue Aug 10 2010 Guenther Deschner - 3.5.4-63
- Fix winbind secure channel (samlogonex)
* Wed Jun 23 2010 Guenther Deschner - 3.5.4-62
- Update to 3.5.4
* Wed May 19 2010 Guenther Deschner - 3.5.3-61
- Update to 3.5.3
- Make sure nmb and smb initscripts return LSB compliant return codes
- Fix winbind over ipv6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #678328 - CVE-2011-0719 Samba unsafe fd_set usage
        https://bugzilla.redhat.com/show_bug.cgi?id=678328
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update samba' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3118
2011-03-11 20:24:32
--------------------------------------------------------------------------------

Name        : samba
Product     : Fedora 14
Version     : 3.5.8
Release     : 74.fc14
URL         : http://www.samba.org/
Summary     : Server and Client software to interoperate with Windows machines
Description :

Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB/CIFS server that can be used to
provide network services to SMB/CIFS clients.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  8 2011 Guenther Deschner - 3.5.8-74
- Update to 3.5.8
- resolves: #596830
* Thu Mar  3 2011 Guenther Deschner - 3.5.7-73
- Security update to 3.5.7 to address CVE-2011-0719
- resolves: #681852
* Thu Jan  6 2011 Guenther Deschner - 3.5.6-72
- Fix GSSAPI checksum for some SMB servers
- resolves: #667647
* Mon Nov 22 2010 Guenther Deschner - 3.5.6-71
- Handle no network case in init scripts
- resolves: #655766
* Thu Nov 18 2010 Guenther Deschner - 3.5.6-70
- Fix libsmbclient SMB signing
- resolves: #654408
* Fri Oct  8 2010 Guenther Deschner - 3.5.6-69
- Update to 3.5.6
- resolves: #617771
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #678328 - CVE-2011-0719 Samba unsafe fd_set usage
        https://bugzilla.redhat.com/show_bug.cgi?id=678328
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update samba' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------