From: Alexander Bokovoy
To: devel@linux.iplabs.ru
Subject: Re: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
Date: Wed, 18 Apr 2001 13:02:04 +0300
Message-ID: <20010418130204.E2486@boids.avilink.net>
References: <20010418135713.B27324@ldv.office.alt-linux.org>
In-Reply-To: <20010418135713.B27324@ldv.office.alt-linux.org>; from ldv@alt-linux.org on Wed, Apr 18, 2001 at 01:57:13PM +0400

Who is going to build it? The disks have finally reached us, and I hope
that Vadim will start building Samba 2.2.0 and OpenLDAP before the weekend;
it would be desirable to build this version (2.0.8) right now. And put it in updates.

On Wed, Apr 18, 2001 at 01:57:13PM +0400, Dmitry V. Levin wrote:
> ----- Forwarded message from tridge@SAMBA.ORG -----
>
> Date: Tue, 17 Apr 2001 17:06:48 -0700
> From: tridge@SAMBA.ORG
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Samba 2.0.8 security fix
> Reply-To: tridge@valinux.com
>
> I've just released Samba 2.0.8. This release fixes a significant
> security vulnerability that allows local users to corrupt local
> devices (such as raw disks).
>
> For most users the Samba Team recommends Samba 2.2.0 which has just
> been released. Version 2.2.0 has all the security fixes plus many new
> features and other bug fixes. Version 2.0.8 is meant for very
> conservative sites that want an absolutely minimal security fix rather
> than a large update.
>
> The security hole was found by Marcus Meissner
> (Marcus.Meissner@caldera.de) during a routine security audit of the
> Samba source code. Many thanks to Marcus and Caldera for taking the
> time to audit the code. The hole involved an incorrect usage of
> temporary files and can be exploited by a local user with a shell
> account on the Samba server to destroy data on a local device, such as
> /dev/hda. The exploit is relatively easy to perform so all sites with
> untrusted local users should update immediately to either version
> 2.0.8 or version 2.2.0.
>
> The 2.0.8 release is available at
>   ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz
> the patch is available at:
>   ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz
>
> The 2.2.0 release is available at:
>   ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz
>
> We do not plan on doing any more releases of Samba 2.0.x.
>
> Distribution vendors have been notified about the security fix and
> will be doing new releases shortly.
>
> Cheers, Tridge
>
> ----- End forwarded message -----
>
> Regards,
> Dmitry
>
> +-------------------------------------------------------------------------+
> Dmitry V. Levin     mailto://ldv@alt-linux.org
> ALT Linux Team      http://www.altlinux.ru/
> Fandra Project      http://www.fandra.org/
> +-------------------------------------------------------------------------+
> UNIX is user friendly. It's just very selective about who its friends are.

--
Sincerely yours, Alexander Bokovoy
The Midgard Project | ALT Linux Team | Minsk Linux Users Group
www.midgard-project.org | www.altlinux.ru | www.minsk-lug.net
-- You won't skid if you stay in a rut.
   -- Frank Hubbard

_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel