From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2004-1                  [email protected]
http://www.debian.org/security/                       Moritz Muehlenhoff
February 28, 2010                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : samba
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-3297 CVE-2010-0547

Two local vulnerabilities have been discovered in samba, a SMB/CIFS
file, print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-3297

    Ronald Volgers discovered that a race condition in mount.cifs
    allows local users to mount remote filesystems over arbitrary
    mount points.

CVE-2010-0547

    Jeff Layton discovered that missing input sanitising in mount.cifs
    allows denial of service by corrupting /etc/mtab.

For the stable distribution (lenny), these problems have been fixed in
version 2:3.2.5-4lenny9.
For the unstable distribution (sid), these problems have been fixed in
version 2:3.4.5~dfsg-2.
We recommend that you upgrade your samba packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]