[sflack-security] samba (SFSA:2007-134-01)

[sflack-security]  samba (SFSA:2007-134-01)

New samba packages are available for Sflack 11.0,
and -current to fix security issues.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.25-x86_64-1_sflack11.0.tgz:
Upgraded to samba-3.0.25.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

See the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.slackware.com/pub/sflack/sflack-11.0/patches/packages/samba-3.0.25-x86_64-1_sflack11.0.tgz

Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/n/samba-3.0.25-x86_64-1.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
351366cdc0fd0b6527fa1d3b054a2be8 samba-3.0.25-x86_64-1_sflack11.0.tgz

Sflack -current package:
208c2e51282ed2b8f3f098ba8efcefbb samba-3.0.25-x86_64-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg samba-3.0.25-x86_64-1_sflack11.0.tgz

Restart samba:
# /etc/rc.d/rc.samba restart


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com