Your message dated Thu, 30 Sep 2010 01:56:04 +0000
with message-id <e1p18nq-0001la...@franck.debian.org>
and subject line Bug#596891: fixed in samba 2:3.2.5-4lenny13
has caused the Debian Bug report #596891,
regarding samba: CVE-2010-3069: buffer overrun vulnerability Available
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
596891: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596891
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: samba
Severity: critical
Tags: security
This vulnerability has been unveiled publicly without prior warning,
so probably exploits can be in the wild already.
3.2 from lenny is affected, too. Backporting the fix seems trivial and
I think we'll be working on it ASAP.
----- Forwarded message from Karolin Seeger <ksee...@samba.org> -----
Date: Tue, 14 Sep 2010 13:14:28 +0200
From: Karolin Seeger <ksee...@samba.org>
To: sa...@samba.org, samba-techni...@samba.org, samba-annou...@samba.org
Subject: [Announce] Samba 3.5.5, 3.4.9 and 3.3.14 Security Releases Available
Organization: SerNet GmbH, Goettingen, Germany
Release Announcements
=====================
These are security releases in order to address CVE-2010-3069.
o CVE-2010-3069:
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
Changes
-------
o Jeremy Allison <j...@samba.org>
* BUG 7669: Fix for CVE-2010-3069.
o Andrew Bartlett <abart...@samba.org>
* BUG 7669: Fix for CVE-2010-3069.
######################################################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba corresponding product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
================
Download Details
================
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.3.14.html
http://www.samba.org/samba/ftp/history/samba-3.4.9.html
http://www.samba.org/samba/ftp/history/samba-3.5.5.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
----- End forwarded message -----
--- End Message ---
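A bounds-checked parser for the binary SID layout (revision, sub-authority count, 6-byte identifier authority, then count 32-bit little-endian sub-authorities), added here to illustrate the kind of input-length checking the forwarded announcement says sid_parse() lacked. It is not Samba's code or the CVE-2010-3069 patch; `struct sid`, `sid_parse_checked` and `SID_MAX_SUB_AUTHS` are assumed names and the sample bytes are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SID_MAX_SUB_AUTHS 15   /* capacity of the fixed array below (assumed name) */

struct sid {                   /* hypothetical in-memory form, not Samba's struct */
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];
};

/* Parse a wire-format SID: 1 byte revision, 1 byte sub-authority count,
 * 6 bytes identifier authority, then count * 4 bytes little-endian.
 * Returns false without touching *out on any malformed input. */
bool sid_parse_checked(const uint8_t *in, size_t len, struct sid *out)
{
    if (in == NULL || out == NULL || len < 8)
        return false;                       /* fixed header must be present */
    uint8_t count = in[1];
    if (count > SID_MAX_SUB_AUTHS)
        return false;                       /* would overrun out->sub_auths */
    if (len < 8 + (size_t)count * 4)
        return false;                       /* would read past the input */

    struct sid tmp = {0};
    tmp.revision = in[0];
    tmp.num_auths = count;
    memcpy(tmp.id_auth, in + 2, 6);
    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = in + 8 + 4 * i;
        tmp.sub_auths[i] = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    *out = tmp;
    return true;
}

/* Constructed samples: S-1-5-32-544, and a header claiming 255 sub-authorities. */
static const uint8_t SAMPLE_OK[] = { 1, 2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0 };
static const uint8_t SAMPLE_OVERLONG[8 + 255 * 4] = { 1, 255, 0,0,0,0,0,5 };

int main(void)
{
    struct sid s;
    return (sid_parse_checked(SAMPLE_OK, sizeof SAMPLE_OK, &s) &&
            !sid_parse_checked(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG, &s)) ? 0 : 1;
}
```

The second sample is long enough for the count it declares, so only the check against the destination capacity rejects it; a parser that validates the count against the input length alone would accept it.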
--- Begin Message ---
Source: samba
Source-Version: 2:3.2.5-4lenny13
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:
libpam-smbpass_3.2.5-4lenny13_i386.deb
to main/s/samba/libpam-smbpass_3.2.5-4lenny13_i386.deb
libsmbclient-dev_3.2.5-4lenny13_i386.deb
to main/s/samba/libsmbclient-dev_3.2.5-4lenny13_i386.deb
libsmbclient_3.2.5-4lenny13_i386.deb
to main/s/samba/libsmbclient_3.2.5-4lenny13_i386.deb
libwbclient0_3.2.5-4lenny13_i386.deb
to main/s/samba/libwbclient0_3.2.5-4lenny13_i386.deb
samba-common_3.2.5-4lenny13_i386.deb
to main/s/samba/samba-common_3.2.5-4lenny13_i386.deb
samba-dbg_3.2.5-4lenny13_i386.deb
to main/s/samba/samba-dbg_3.2.5-4lenny13_i386.deb
samba-doc-pdf_3.2.5-4lenny13_all.deb
to main/s/samba/samba-doc-pdf_3.2.5-4lenny13_all.deb
samba-doc_3.2.5-4lenny13_all.deb
to main/s/samba/samba-doc_3.2.5-4lenny13_all.deb
samba-tools_3.2.5-4lenny13_i386.deb
to main/s/samba/samba-tools_3.2.5-4lenny13_i386.deb
samba_3.2.5-4lenny13.diff.gz
to main/s/samba/samba_3.2.5-4lenny13.diff.gz
samba_3.2.5-4lenny13.dsc
to main/s/samba/samba_3.2.5-4lenny13.dsc
samba_3.2.5-4lenny13_i386.deb
to main/s/samba/samba_3.2.5-4lenny13_i386.deb
smbclient_3.2.5-4lenny13_i386.deb
to main/s/samba/smbclient_3.2.5-4lenny13_i386.deb
smbfs_3.2.5-4lenny13_i386.deb
to main/s/samba/smbfs_3.2.5-4lenny13_i386.deb
swat_3.2.5-4lenny13_i386.deb
to main/s/samba/swat_3.2.5-4lenny13_i386.deb
winbind_3.2.5-4lenny13_i386.deb
to main/s/samba/winbind_3.2.5-4lenny13_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 596...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Fritsch <s...@debian.org> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 15 Sep 2010 18:41:36 +0200
Source: samba
Binary: samba samba-common samba-tools smbclient swat samba-doc samba-doc-pdf
smbfs libpam-smbpass libsmbclient libsmbclient-dev winbind samba-dbg
libwbclient0
Architecture: source all i386
Version: 2:3.2.5-4lenny13
Distribution: stable-security
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-ma...@lists.alioth.debian.org>
Changed-By: Stefan Fritsch <s...@debian.org>
Description:
libpam-smbpass - pluggable authentication module for SMB/CIFS password database
libsmbclient - shared library that allows applications to talk to SMB/CIFS
serve
libsmbclient-dev - libsmbclient static libraries and headers
libwbclient0 - client library for interfacing with winbind service
samba - a LanManager-like file and printer server for Unix
samba-common - Samba common files used by both the server and the client
samba-dbg - Samba debugging symbols
samba-doc - Samba documentation
samba-doc-pdf - Samba documentation (PDF format)
samba-tools - tools provided by the Samba suite
smbclient - a LanManager-like simple client for Unix
smbfs - mount and umount commands for the smbfs (for kernels >= than 2.2.
swat - Samba Web Administration Tool
winbind - service to resolve user and group information from Windows NT ser
Closes: 596891
Changes:
samba (2:3.2.5-4lenny13) stable-security; urgency=high
.
[ Christian Perrier ]
* Security update, fixing the following issue:
- CVE-2019-3069: Buffer overrun vulnerability in sid_parse.
Closes: #596891.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFMkPr5bxelr8HyTqQRAp4cAKCwDeMUx6TwmNHb5eLfKsqwBrKGogCfenEY
s6RL0uKCG25adCxnGFDbZCM=
=64Am
-----END PGP SIGNATURE-----
--- End Message ---