Advisories
Mandriva Advisories
|
 |
| Problem Description |
A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered
by the Debian samba maintainers. A bug in the length checking for
encrypted password change requests from clients could be exploited
using a buffer overrun attack on the smbd stack. This attack would
have to crafted in such a way that converting a DOS codepage string to
little endian UCS2 unicode would translate into an executable block of
code.
This vulnerability has been fixed in samba version 2.2.7, and the
updated packages have had a patch applied to fix the problem.
| Updated Packages |
Mandrakelinux 8.1
b10451e71a1ba27d45956f57fb203118 8.1/RPMS/samba-2.2.2-3.3mdk.i586.rpm 22a6f9977518bbe2923ec7d2f68a698e 8.1/RPMS/samba-client-2.2.2-3.3mdk.i586.rpm 74d59e5578aaa0a23e760c828a6d8688 8.1/RPMS/samba-common-2.2.2-3.3mdk.i586.rpm 6d6a2835fd6e21b4c93dbaa5fe6f2d13 8.1/RPMS/samba-doc-2.2.2-3.3mdk.i586.rpm 4c7511781a263f633cab5bf1831ad69b 8.1/SRPMS/samba-2.2.2-3.3mdk.src.rpm
Mandrakelinux 8.1/IA64
2456e2af90d2e71e877a16f2ff034c73 ia64/8.1/RPMS/samba-2.2.2-3.3mdk.ia64.rpm 66043b111988d82d2800763950ea07e3 ia64/8.1/RPMS/samba-client-2.2.2-3.3mdk.ia64.rpm 6954d750eae921eece5e1e2ece9c42e5 ia64/8.1/RPMS/samba-common-2.2.2-3.3mdk.ia64.rpm cf5545988b8d07299b776a25d6dc2e56 ia64/8.1/RPMS/samba-doc-2.2.2-3.3mdk.ia64.rpm 4c7511781a263f633cab5bf1831ad69b ia64/8.1/SRPMS/samba-2.2.2-3.3mdk.src.rpm
Mandrakelinux 8.2
5552fadd8509fc7222099f88dad0f5a9 8.2/RPMS/nss_wins-2.2.3a-10.1mdk.i586.rpm 58da182a9a84a02010ddaf939e97bc7c 8.2/RPMS/samba-2.2.3a-10.1mdk.i586.rpm 91dcff33758dca1ca9a4779186a6917d 8.2/RPMS/samba-client-2.2.3a-10.1mdk.i586.rpm ce98076728c73ca79b78fc9d69b94b47 8.2/RPMS/samba-common-2.2.3a-10.1mdk.i586.rpm 983c2de083b240971026bb054b449fde 8.2/RPMS/samba-doc-2.2.3a-10.1mdk.i586.rpm fe4c7a8ebedede8ac10ff98eac2b84a5 8.2/RPMS/samba-swat-2.2.3a-10.1mdk.i586.rpm ec00eed80e135dd79b56608bbd2c0574 8.2/RPMS/samba-winbind-2.2.3a-10.1mdk.i586.rpm 5677dee51659f50acee4e55346ca737d 8.2/SRPMS/samba-2.2.3a-10.1mdk.src.rpm
Mandrakelinux 8.2/PPC
32e41a8c06f1b5b24b13de0f65dfa3cc ppc/8.2/RPMS/nss_wins-2.2.3a-10.1mdk.ppc.rpm 275bf7b8a2792e11bf94dc24557f8ebc ppc/8.2/RPMS/samba-2.2.3a-10.1mdk.ppc.rpm 66232f77afcacc83090e3cf848717962 ppc/8.2/RPMS/samba-client-2.2.3a-10.1mdk.ppc.rpm 912ccb4cc81f89de6de871aa1c4833c0 ppc/8.2/RPMS/samba-common-2.2.3a-10.1mdk.ppc.rpm af73612d4ea52c4a391ca75afd0dae8b ppc/8.2/RPMS/samba-doc-2.2.3a-10.1mdk.ppc.rpm 2117cd7af96f6467c867faef73a425b6 ppc/8.2/RPMS/samba-swat-2.2.3a-10.1mdk.ppc.rpm ab0402b7173a04be1cbc6c415807b98a ppc/8.2/RPMS/samba-winbind-2.2.3a-10.1mdk.ppc.rpm 5677dee51659f50acee4e55346ca737d ppc/8.2/SRPMS/samba-2.2.3a-10.1mdk.src.rpm
Mandrakelinux 9.0
25b264e1b5ee43b26d861f5b5e07d7d2 9.0/RPMS/nss_wins-2.2.7-2.1mdk.i586.rpm 619a0506a84d25099ca0653be0f5fd3a 9.0/RPMS/samba-client-2.2.7-2.1mdk.i586.rpm d7ed710067f71285cc616fe07efd7753 9.0/RPMS/samba-common-2.2.7-2.1mdk.i586.rpm 2b5667097a398ef87e9e721c26bb613b 9.0/RPMS/samba-doc-2.2.7-2.1mdk.i586.rpm ff124b4103dd84e51f5be82dd9244b1f 9.0/RPMS/samba-server-2.2.7-2.1mdk.i586.rpm a7b976a81f59d7ce7111cb5f44d89bcd 9.0/RPMS/samba-swat-2.2.7-2.1mdk.i586.rpm 0859d8665e9d2ea2f1f96365a7456e3f 9.0/RPMS/samba-winbind-2.2.7-2.1mdk.i586.rpm b93cd8ca9319a628ee7015bbd5d2196e 9.0/SRPMS/samba-2.2.7-2.1mdk.src.rpm
| References |
http://www.samba.org/samba/whatsnew/samba-2.2.7.html
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.