From: "Dmitry V. Levin"
To: devel@altlinux.ru
Subject: [devel] [tridge@SAMBA.ORG: Samba 2.0.8 security fix]
Date: Wed, 18 Apr 2001 13:57:13 +0400
Message-ID: <20010418135713.B27324@ldv.office.alt-linux.org>

----- Forwarded message from tridge@SAMBA.ORG -----

Date: Tue, 17 Apr 2001 17:06:48 -0700
From: tridge@SAMBA.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Samba 2.0.8 security fix
Reply-To: tridge@valinux.com

I've just released Samba 2.0.8. This release fixes a significant security vulnerability that allows local users to corrupt local devices (such as raw disks).

For most users the Samba Team recommends Samba 2.2.0 which has just been released. Version 2.2.0 has all the security fixes plus many new features and other bug fixes. Version 2.0.8 is meant for very conservative sites that want an absolutely minimal security fix rather than a large update.

The security hole was found by Marcus Meissner (Marcus.Meissner@caldera.de) during a routine security audit of the Samba source code. Many thanks to Marcus and Caldera for taking the time to audit the code.

The hole involved an incorrect usage of temporary files and can be exploited by a local user with a shell account on the Samba server to destroy data on a local device, such as /dev/hda. The exploit is relatively easy to perform so all sites with untrusted local users should update immediately to either version 2.0.8 or version 2.2.0.

The 2.0.8 release is available at
ftp://ftp.samba.org/pub/samba/samba-2.0.8.tar.gz

the patch is available at:
ftp://ftp.samba.org/pub/samba/patches/samba-2.0.7-2.0.8.diffs.gz

The 2.2.0 release is available at:
ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz

We do not plan on doing any more releases of Samba 2.0.x. Distribution vendors have been notified about the security fix and will be doing new releases shortly.

Cheers, Tridge

----- End forwarded message -----

Regards,
Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin mailto://ldv@alt-linux.org
ALT Linux Team http://www.altlinux.ru/
Fandra Project http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.