Quoting Moritz Muehlenhoff (j...@inutil.org):
> > a security bug has been discovered in all versions of Samba up to and
> > including 3.4.5.
> > It is possible to cause mtab corruption via a specially crafted string.
> > More information at
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
> > http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054
>
> Since 567554 is tagged pending, I suppose the setuid root bit on
> mount.cifs is going to be dropped. Once done, this issue is moot.

In unstable, then squeeze, yes. This is the change we'll do.

OTOH, we still have lenny that's affected. Dropping the setuid bit in lenny would break the behaviour of the package in a too invasive way, so we need to use the patches that have been proposed in the upstream bug report by Jeff Layton.

However, they don't apply cleanly on our 3.2.5. They were meant for the upstream 3-2-test branch, so for 3.2.15.

I started working on them yesterday and it seems feasible to port them. Surprisingly, though, some of the 7 patches proposed by Jeff in the attached tarball are reported as "already applied" on our 3.2.5 sources.

I end up with only 4 patches needed. See patches-setuid-lenny.tar.gz.

I did not try compiling lenny's samba with them yet.

Attachments: patches-setuid.tar.gz (binary data), patches-setuid-lenny.tar.gz (binary data), signature.asc (digital signature)