samba 3.x 브렌치 별로 보안 취약점이 발견되어 새버전이 발표되었습니다.
자세한 사항은 아래를 참고하시고 원문은 관련링크를 참고하세요. CVE링크를 추가했습니다.
===============================================================================
Samba 3.0.35 Security Release 
=====================
Release Announcements
=====================
This is a security release in order to address CVE-2009-1888.
   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially 
      affect access control when "dos filemode" is set to "yes".
Changes since 3.0.34
--------------------
o   Jeremy Allison 
    * Fix for CVE-2009-1888.
================
Download Details
================
The release notes are available online at:
        http://www.samba.org/samba/ftp/history/samba-3.0.35.html
Binary packages will be made available on a volunteer basis from
        http://download.samba.org/samba/ftp/Binary_Packages/

====================================================================================
Samba 3.2.13 Security Release Available for Download
=====================
Release Announcements
=====================
This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.
   o CVE-2009-1886:
     In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat 
     user input as a format string to asprintf. With a maliciously crafted file name smbclient 
      can be made to execute code triggered by the server.
   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially 
      affect access control when "dos filemode" is set to "yes".
Changes since 3.2.12
--------------------
o   Jeremy Allison 
    * Fix for CVE-2009-1886.
    * Fix for CVE-2009-1888.
================
Download Details
================
The release notes are available online at:
        http://www.samba.org/samba/ftp/history/samba-3.2.13.html
Binary packages will be made available on a volunteer basis from 
        http://download.samba.org/samba/ftp/Binary_Packages/

====================================================================================
Samba 3.3.6 Security Release
Release Announcements
=====================
This is a security release in order to address CVE-2009-1888.
   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially 
      affect access control when "dos filemode" is set to "yes".
Changes since 3.3.5:
--------------------
o   Jeremy Allison 
    * BUG 6488: Fix for CVE-2009-1888.
================
Download Details
================
        http://download.samba.org/samba/ftp/
The release notes are available online at:
        http://www.samba.org/samba/ftp/history/samba-3.3.6.html
Binary packages will be made available on a volunteer basis from
        http://download.samba.org/samba/ftp/Binary_Packages/
관련 링크 : 
https://lists.samba.org/mailman/listinfo/samba-announce
http://us3.samba.org/samba/history/security.html
http://us1.samba.org/samba/security/CVE-2009-1886.html
http://us1.samba.org/samba/security/CVE-2009-1888.html

'News' 카테고리의 다른 글

ProFTPd 1.3.2a, 1.3.3rc1 released  (0) 2009.07.02
Firefox 3.5 Release  (1) 2009.07.01
Samba 3.4.0pre2 Release  (1) 2009.06.03
CentOS-5.3 i386 Live CD released  (0) 2009.05.28
ClamAV 0.95.1 Release  (0) 2009.04.14

+ Recent posts

티스토리툴바