[Pluto-security] Samba 2.2.8

Tom aka 'Dido' tom at pluto.linux.it
Fri Mar 21 08:55:25 CET 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

E' uscita una nuova versione di Samba, che chiude un buco _grosso_ delle 
versioni precedenti.
Dalla home page:


(14th Mar, 2003) Security Release - Samba 2.2.8

A flaw has been detected in the Samba main smbd code which could allow an 
external attacker to remotely and anonymously gain Super User (root) 
privileges on a server running a Samba server. This flaw exists in previous 
versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem 
and all sites should either upgrade to Samba 2.2.8 immediately or prohibit 
access to TCP ports 139 and 445. The Release Notes are available on-line.

In addition to addressing this security issue, Samba 2.2.8 includes many 
unrelated improvements. These improvements result from our process of 
continuous quality assurance and code review, and are part of the Samba 
team's committment to excellence.

Buon patching!

- -- 
- -------------------------------------
Dido

PGP Public Key
http://web.tiscali.it/di_do/dido.asc
- -------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+esVxQe/GGXXd6zQRAv2oAKCKKDTWNP+b8UAzjGxz6t53uZx4lwCgzyb2
dFZqWeGrGeQknvy3HY4e2GE=
=5y5r
-----END PGP SIGNATURE-----



More information about the pluto-security mailing list