Marcus Meissner found a vulnerability in Samba: it did not create
temporary files safely, which could allow local users to overwrite
files that they may not have access to. When a remote user queried a
printer queue, Samba created a temporary file to which the queue's
data was written. Because Samba created the file insecurely and used a
predictable filename, a local attacker could cause Samba to overwrite
files that the attacker did not have access to. The smbclient "more"
and "mput" commands also created temporary files insecurely.
The vulnerability is present in Samba 2.0.7 and lower. 2.0.8 and 2.2.0
correct this behaviour.
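The flaw class described above, as an added example (not Samba's code and not taken from this advisory): a temporary file opened under a predictable name next to one created with mkstemp(). The function names, the "lp0.tmp" file name and the scratch directory are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: the name is guessable, and whatever already sits at
 * that path is opened and truncated, regardless of who put it there. */
int open_tmp_predictable(const char *dir, const char *queue) {
    char path[4096];
    snprintf(path, sizeof path, "%s/%s.tmp", dir, queue);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: mkstemp() picks an unpredictable name and creates the
 * file exclusively with mode 0600, so an existing entry is never reused. */
int open_tmp_safe(const char *dir, char *path_out, size_t len) {
    int n = snprintf(path_out, len, "%s/queue.XXXXXX", dir);
    return (n < 0 || (size_t)n >= len) ? -1 : mkstemp(path_out);
}

/* Constructed demo in a private scratch directory: returns the size of a
 * pre-existing 12-byte file after the chosen opener has run. */
long victim_size_after(int use_safe) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[4096], made[4096] = "";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/lp0.tmp", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "do not touch", 12) != 12) return -1;
    close(fd);
    fd = use_safe ? open_tmp_safe(dir, made, sizeof made)
                  : open_tmp_predictable(dir, "lp0");
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    if (made[0]) unlink(made);
    unlink(victim);
    rmdir(dir);
    return size;
}

int main(void) {
    printf("predictable name: existing file is now %ld bytes\n", victim_size_after(0));
    printf("mkstemp():        existing file is now %ld bytes\n", victim_size_after(1));
    return 0;
}
```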
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.