./net/samba33, SMB/CIFS protocol server suite

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2010Q4, Version: 3.3.15, Package name: samba-3.3.15, Maintainer: pkgsrc-users
Required to run:
[lang/perl5] [devel/popt] [devel/readline]


Package options: ads, ldap, pam, winbind

Master sites: (Expand)

SHA1: b555ee27f69f943982f92de771e9e094615712c1
RMD160: af83e6c26d550d6ddc8a1000cb72ed9b8fc9d124
Filesize: 24992.073 KB

Version history: (Expand)

CVS history: (Expand)


   2011-03-01 10:09:03 by Steven Drake | Files touched by this commit (2) 
Log message:
Pullup ticket #3367 - requested by taca
net/samba33 security fix.

Revisions pulled up:
- net/samba33/Makefile                                          1.13
- net/samba33/distinfo                                          1.6
---
Module Name:	pkgsrc
Module Name:	pkgsrc
Committed By:	taca
Date:		Mon Feb 28 14:34:09 UTC 2011

Modified Files:
	pkgsrc/net/samba33: Makefile distinfo

Log message:
Update samba33 pacakge to 3.3.15.

Release Announcements
=====================

Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
address CVE-2011-0719.

o  CVE-2011-0719:
   All current released versions of Samba are vulnerable to
   a denial of service caused by memory corruption. Range
   checks on file descriptors being used in the FD_SET macro
   were not present allowing stack corruption. This can cause
   the Samba code to crash or to loop attempting to select
   on a bad file descriptor set.

   A connection to a file share, or a local account is needed
   to exploit this problem, either authenticated or unauthenticated
   (guest connection).

   Currently we do not believe this flaw is exploitable
   beyond a crash or causing the code to loop, but on the
   advice of our security reviewers we are releasing fixes
   in case an exploit is discovered at a later date.

Changes
-------

o   Jeremy Allison <jra at samba.org>
    * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.