package: samba version: 3.0.24-6 severity: serious tags: security , patch hi,
the following CVEs were issued for samba. CVE-2009-2906 [0]: | smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 | before 3.4.2 allows remote authenticated users to cause a denial of service | (infinite loop) via an unanticipated oplock break notification reply packet. CVE-2009-2948 [1]: | mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and | 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly | enforce permissions, which allows local users to read part of the credentials file | and obtain the password by specifying the path to the credentials file and | using the --verbose or -v option. these are fixed in unstable. patches are available from [2]. mike [0] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2906 [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2948 [2] http://www.samba.org/samba/security/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
