From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------- Debian Security Advisory DSA-2061-1
[email protected] http://www.debian.org/security/ Nico Golde June 16th, 2010
http://www.debian.org/security/faq
- ---------------------------------------------------------------------------
Package : samba
Vulnerability : memory corruption
Problem type : remote
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-2063
Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol
for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker
to write to an arbitrary memory location resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the samba daemon.
For the stable distribution (lenny), this problem has been fixed in
version 3.2.5-4lenny12.
This problem does not affect the versions in the testing (squeeze) and
unstable (sid) distribution.
We recommend that you upgrade your samba packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12.diff.gz
Size/MD5 checksum: 239453 262a0d71af5629b5b743a2dd7699346a
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12.dsc
Size/MD5 checksum: 1834 752097289f87a23ffed0bd884a8c1093
Architecture independent packages:
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny12_all.deb
Size/MD5 checksum: 6252872 5bd2b9f3ce45c28733e4736af45cfa0b
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny12_all.deb
Size/MD5 checksum: 7949770 92c0aa87e34926cc8d05c844f96ccdf2
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 5734864 a3b2a0b1a098268d7f3fb408adca0663
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 4832766 221ccfadf707e5c1e2ec35162ca5e105
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 1333498 c85f1d0e2740701be6e48fa48d5eced4
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 6954426 110e2b73b8c7ce273f810af64e0b131c
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 1080334 8fc3c77432c4f9a5d1626ca7b0ced0a6
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 81696 6e48d5b3f4876a7e23387c409c3d343d
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 2573704 d370dd920eb28ff1d58f8ecf2a13d429
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 637646 b7fb85ef15e39bd1a9e663549d9b36a8
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 1948208 a22dbf0b9a49c79bbb3f060bb94f68a3
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 3730776 82de247611e9295c002923634d3ee25e
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 1462704 ee4f7318a9c09923ff9819e1225dfa53
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_alpha.deb
Size/MD5 checksum: 3269808 5cc94c8ffe70c5eb15581649d19ea4ef
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 628118 03a960adaf8f29de55ef7803272808c4
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 1359472 e4ec2ceae3e01f0c7252970c38f9db35
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 1953836 95004a241b1badbb736072220763b674
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 1084366 a32373e8f97437caf840323289273d43
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 5648976 4fb193526cfcb4c21482d63536c28c77
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 7008520 b20fdbde34664f6096464a57d1c2688d
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 1494464 8a1f81e59edd1ae82cd279d2af60097f
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 3728948 695540982869371eaa6195f58dc18f99
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 1996422 350e16492c0832412a90c770186b3d6f
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 80950 49475881f55c2c5958a296a75c792e6b
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_amd64.deb
Size/MD5 checksum: 3274656 00012f814498ddcd836de6243c8da013
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_amd64.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)