Path to this page:
Subject: CVS commit: pkgsrc/net/samba33
From: Takahiro Kambe
Date: 2010-03-09 02:31:34
Message id: 20100309013134.384CE175DF@cvs.netbsd.org
Log Message:
Update samba33 package to 3.3.12.
o CVE-2010-0728:
In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
was added to fix a problem with Linux asynchronous IO handling.
This code introduced a bad security flaw on Linux platforms if the
binaries were built on Linux platforms with libcap support.
The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
capabilities, allowing all file system access to be allowed
even when permissions should have denied access.
Files: