[ubuntu/karmic] samba 2:3.4.0-3ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Oct 2 09:47:51 BST 2009


samba (2:3.4.0-3ubuntu5) karmic; urgency=low

  * SECURITY UPDATE: whole filesystem share via user with no home directory
    - debian/patches/security-CVE-2009-2813.patch: make sure home directory
      is set in source3/param/loadparm.c, source3/smbd/service.c.
    - CVE-2009-2813
  * SECURITY UPDATE: credentials file disclosure and unauthorized usage via
    setuid mount.cifs
    - debian/patches/security-CVE-2009-2948.patch: don't open credentials
      file if user doesn't have permission, and don't print password when
      using verbose option in source3/client/mount.cifs.c.
    - CVE-2009-2948
  * SECURITY UPDATE: denial of service via unexpected oplock break
    notification reply
    - debian/patches/security-CVE-2009-2906.patch: track messages already
      processed in source3/include/smb.h, source3/smbd/process.c.
    - CVE-2009-2906

Date: Thu, 01 Oct 2009 08:20:29 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chuck Short <chuck.short at canonical.com>
https://launchpad.net/ubuntu/karmic/+source/samba/2:3.4.0-3ubuntu5
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 01 Oct 2009 08:20:29 -0400
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat samba-doc samba-doc-pdf smbfs libpam-smbpass libsmbclient libsmbclient-dev winbind samba-dbg libwbclient0
Architecture: source
Version: 2:3.4.0-3ubuntu5
Distribution: karmic
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libpam-smbpass - pluggable authentication module for Samba
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libwbclient0 - Samba winbind client library
 samba      - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - common files used by both the Samba server and client
 samba-dbg  - Samba debugging symbols
 samba-doc  - Samba documentation
 samba-doc-pdf - Samba documentation in PDF format
 samba-tools - Samba testing utilities
 smbclient  - command-line SMB/CIFS clients for Unix
 smbfs      - Samba file system utilities
 swat       - Samba Web Administration Tool
 winbind    - Samba nameservice integration server
Changes: 
 samba (2:3.4.0-3ubuntu5) karmic; urgency=low
 .
   * SECURITY UPDATE: whole filesystem share via user with no home directory
     - debian/patches/security-CVE-2009-2813.patch: make sure home directory
       is set in source3/param/loadparm.c, source3/smbd/service.c.
     - CVE-2009-2813
   * SECURITY UPDATE: credentials file disclosure and unauthorized usage via
     setuid mount.cifs
     - debian/patches/security-CVE-2009-2948.patch: don't open credentials
       file if user doesn't have permission, and don't print password when
       using verbose option in source3/client/mount.cifs.c.
     - CVE-2009-2948
   * SECURITY UPDATE: denial of service via unexpected oplock break
     notification reply
     - debian/patches/security-CVE-2009-2906.patch: track messages already
       processed in source3/include/smb.h, source3/smbd/process.c.
     - CVE-2009-2906
Checksums-Sha1: 
 c101dbf75372271b5b41437c4094aa6077f1de7a 2190 samba_3.4.0-3ubuntu5.dsc
 1bebc201e9c135a9fafe3d2bf812a8642559517c 488950 samba_3.4.0-3ubuntu5.diff.gz
Checksums-Sha256: 
 844f0f0021dd0adf91a5ab9d4e907696daacaf5ea0b8c72ce501382911d439f0 2190 samba_3.4.0-3ubuntu5.dsc
 f26df79ed4b969d186ee38e84c5981c7670955daefc5f9cc776293e2c1301fec 488950 samba_3.4.0-3ubuntu5.diff.gz
Files: 
 731f148100ced147df79d4a2ddd86e77 2190 net optional samba_3.4.0-3ubuntu5.dsc
 8d8c229e5d812b9ba5f245c145ed7895 488950 net optional samba_3.4.0-3ubuntu5.diff.gz
Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkrE6p0ACgkQIHZ33voUATtzpwCgtF5FyCcZqwsTbima4DMLYRH9
4oQAnicv1AXe6//OBKU3wNZtMuUBTdDr
=6i3H
-----END PGP SIGNATURE-----


More information about the Karmic-changes mailing list