Samba 3.5.5, 3.4.9, 3.3.14 Security Releases

2010. 9. 15. 16:42



o  CVE-2010-3069:
   All current released versions of Samba are vulnerable to
   a buffer overrun vulnerability. The sid_parse() function
   (and related dom_sid_parse() function in the source4 code)
   do not correctly check their input lengths when reading a
   binary representation of a Windows SID (Security ID). This
   allows a malicious client to send a sid that can overflow
   the stack variable that is being used to store the SID in the
   Samba smbd server.



CVE-2010-3069 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069


================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.3.14.html
        http://www.samba.org/samba/ftp/history/samba-3.4.9.html
        http://www.samba.org/samba/ftp/history/samba-3.5.5.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

'Security' 카테고리의 다른 글

XpressEngine Core 1.4.4.3 (보안패치) (1)	2010.12.20
ProFTPD 1.3.3c 공식홈페이지에서 백도어가 포함된 버전 배포 (0)	2010.12.08
XE XSS 취약점 패치 (0)	2010.03.17
XE Core 1.4.0.7 배포 (CSRF 취약점 패치) (0)	2010.02.25
XE Core 1.3.1.1 이하 버전 CSRF 취약점 패치 (0)	2009.12.22

F/R/E/E/4/U

Samba 3.5.5, 3.4.9, 3.3.14 Security Releases

'Security' 카테고리의 다른 글

+ Recent posts

티스토리툴바