From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2109-1                  [email protected]
http://www.debian.org/security/                          Stefan Fritsch
September 16, 2010                   http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : samba
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-3069
Debian bug : 596891

A vulnerability has been discovered in samba, an SMB/CIFS file, print,
and login server for Unix.

The sid_parse() function does not correctly check its input lengths
when reading a binary representation of a Windows SID (Security ID).
This allows a malicious client to send a SID that can overflow the
stack variable that is being used to store the SID in the Samba smbd
server. (CVE-2010-3069)
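
A bounds-checked parser for the binary SID layout, as an added example that is not Samba's code or part of the advisory: it shows the kind of length checks the paragraph above says were missing. The names sid_parse_checked and struct sid and the sample byte strings are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_MAX_SUB_AUTHS 15   /* Windows limit on sub-authorities per SID */
#define SID_HEADER_LEN    8    /* revision + count + 6-byte authority */

struct sid {                   /* hypothetical layout for this example */
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];
};

/* Parse a binary SID; returns false instead of writing out of bounds. */
bool sid_parse_checked(const uint8_t *in, size_t len, struct sid *out)
{
    memset(out, 0, sizeof(*out));
    if (in == NULL || len < SID_HEADER_LEN)
        return false;                 /* header not fully present */
    if (in[1] > SID_MAX_SUB_AUTHS)
        return false;                 /* count exceeds destination array */
    if (len < SID_HEADER_LEN + 4u * (size_t)in[1])
        return false;                 /* count exceeds supplied bytes */
    out->revision  = in[0];
    out->num_auths = in[1];
    memcpy(out->id_auth, in + 2, 6);
    for (size_t i = 0; i < out->num_auths; i++) {   /* little-endian values */
        const uint8_t *p = in + SID_HEADER_LEN + 4 * i;
        out->sub_auths[i] = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                            (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    return true;
}

/* Constructed inputs: S-1-5-32-544, and a header claiming 200 sub-authorities. */
static const uint8_t sample_ok[] = { 1, 2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0 };
static const uint8_t sample_bad_count[] = { 1, 200, 0,0,0,0,0,5, 32,0,0,0 };

int main(void)
{
    struct sid s;
    bool ok  = sid_parse_checked(sample_ok, sizeof sample_ok, &s);
    bool bad = sid_parse_checked(sample_bad_count, sizeof sample_bad_count, &s);
    printf("well-formed accepted=%d, oversized count accepted=%d\n", ok, bad);
    return (ok && !bad) ? 0 : 1;
}
```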

For the stable distribution (lenny), this problem has been fixed in
version 3.2.5-4lenny13.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed in version 3.5.5~dfsg-1.

We recommend that you upgrade your samba packages. The packages for the
mips architecture are not included in this upgrade. They will be released
as soon as they become available.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]