[Bug 235912] Re: [CVE-2008-1105] Samba: boundary failure when parsing SMB responses

Launchpad Bug Tracker 235912 at bugs.launchpad.net
Tue Jun 17 22:06:35 BST 2008


This bug was fixed in the package samba - 3.0.26a-1ubuntu2.4

---------------
samba (3.0.26a-1ubuntu2.4) gutsy-security; urgency=low

  * SECURITY UPDATE: heap overflow when processing crafted SMB responses
  * debian/patches/security-CVE-2008-1105.patch: update util_sock.c to require
    specifying the buffer size and update client.c, smbctool.c, smbfilter.c,
    and process.c for these changes
  * SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
    mailslot requests
  * debian/patches/security_CVE-2007-4572.patch: check return values and
    sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c.
    Backport regression fixes from upstream.
  * References:
    CVE-2008-1105
    CVE-2007-4572
    LP: #235912

 -- Jamie Strandboge <jamie at ubuntu.com>   Tue, 03 Jun 2008 16:29:05
-0400

** Changed in: samba (Ubuntu Feisty)
       Status: Fix Committed => Fix Released

-- 
[CVE-2008-1105] Samba: boundary failure when parsing SMB responses
https://bugs.launchpad.net/bugs/235912
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.



More information about the Ubuntu-server-bugs mailing list