./net/samba, SMB/CIFS protocol server suite

Branch: pkgsrc-2014Q4, Version: 3.6.25, Package name: samba-3.6.25, Maintainer: pkgsrc-users

Samba provides file and print services for Microsoft Windows clients.
These services may be hosted off any TCP/IP-enabled platform. The
Samba project includes not only an impressive feature set in file and
print serving capabilities, but has been extended to include client
functionality, utilities to ease migration to Samba, tools to aid
interoperability with Microsoft Windows, and administration tools.

Required to run:
[databases/tdb] [devel/readline] [devel/popt] [lang/perl5]


Package options: ads, ldap, pam, winbind

SHA1: 86fbfcfe80454cc7dbe510e7d58c02922cac3efa
RMD160: 4df673ddac2a3fc8590820c8651e10f0dac90281
Filesize: 33322.098 KB

CVS history:


   2015-03-04 21:00:15 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #4634 - requested by taca
net/samba: security update

Revisions pulled up:
- net/samba/Makefile                                            1.253
- net/samba/distinfo                                            1.102

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Feb 24 09:54:47 UTC 2015

   Modified Files:
   	pkgsrc/net/samba: Makefile distinfo

   Log message:
   Update samba package to 3.6.25.

                      ==============================
                      Release Notes for Samba 3.6.25
                             February 23, 2015
                      ==============================

   This is a security release in order to address CVE-2015-0240 (Unexpected
   code execution in smbd).

   o  CVE-2015-0240:
      All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
      unexpected code execution vulnerability in the smbd file server
      daemon.

      A malicious client could send packets that may set up the stack in
      such a way that the freeing of memory in a subsequent anonymous
      netlogon packet could allow execution of arbitrary code. This code
      would execute with root privileges.

   o  CVE-2014-0178:
      In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA
      or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of
      Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY
      response field. The uninitialized buffer is sent back to the client.

      A non-default VFS module providing the get_shadow_copy_data_fn() hook
      must be explicitly enabled for Samba to process the aforementioned
      client requests. Therefore, only configurations with "shadow_copy" or
      "shadow_copy2" specified for the "vfs objects" parameter are
      vulnerable.