Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Slackware Linux Advisories: samba, sendmail

Mar 30, 2003, 00:51 (0 Talkback[s])


[slackware-security]  Samba buffer overflow fixed

The samba packages in Slackware 8.1 and -current have been patched to fix
a security problem.  All sites running samba should upgrade.  


Here are the details from the Slackware 8.1 ChangeLog:
+--------------------------+
Sat Mar 15 13:49:04 PST 2003
patches/packages/samba-2.2.8-i386-1.tgz:  Upgraded to Samba 2.2.8.

  From the Samba web site:

     * (14th Mar, 2003) Security Release - Samba 2.2.8

     A flaw has been detected in the Samba main smbd code which
     could allow an external attacker to remotely and anonymously
     gain Super User (root) privileges on a server running a
     Samba server. This flaw exists in previous versions of Samba
     from 2.0.x to 2.2.7a inclusive. This is a serious problem
     and all sites should either upgrade to Samba 2.2.8
     immediately or prohibit access to TCP ports 139 and 445.

(* Security fix *)
+--------------------------+

More information may be found in the Samba release notes.



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated Samba package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2.2.8-i386-1.tgz

Updated Samba package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-2.2.8-i386-1.tgz



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.1 package:
be4bee0ed2c50e9313150843e41b09ad  samba-2.2.8-i386-1.tgz

Slackware -current package:
940d26d3f74763524976a61f44637b22  samba-2.2.8-i386-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

As root, upgrade the samba package(s) with upgradepkg:

upgradepkg samba-2.2.8-i386-1.tgz

Then, restart samba:

/etc/rc.d/rc.samba restart



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

------------------------------------------------------------------------

[slackware-security]  Sendmail buffer overflow fixed

The sendmail packages in Slackware 8.1 and -current have been patched to fix
a security problem.  All sites running sendmail should upgrade.  

More information on the problem can be found here:

http://www.sendmail.org/8.12.8.html

Here are the details from the Slackware 8.1 ChangeLog:
+--------------------------+
Mon Mar  3 10:29:01 PST 2003
patches/packages/sendmail-8.12.8-i386-1.tgz:  Upgraded to sendmail-8.12.8.
  From sendmail's RELNOTES:
    SECURITY: Fix a remote buffer overflow in header parsing by dropping sender
    and recipient header comments if the comments are too long.  Problem noted
    by Mark Dowd of ISS X-Force.
  (* Security fix *)
patches/packages/sendmail-cf-8.12.8-noarch-1.tgz:  Updated config files for
  sendmail-8.12.8.
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.12.8-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.12.8-noarch-1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.12.8-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-cf-8.12.8-noarch-1.tgz



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.1 packages:
c2c72b982d91d9ca0f59ab2afdf337f2  sendmail-8.12.8-i386-1.tgz
0b8e338169dca7487dd042ba070120d1  sendmail-cf-8.12.8-noarch-1.tgz

Slackware -current packages:
a9db559cd852164577f26efff1e9b36d  sendmail-8.12.8-i386-1.tgz
0141c1f40e1efd148f9ccd1d5a09e7f0  sendmail-cf-8.12.8-noarch-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

As root, upgrade the sendmail package(s) with upgradepkg:

upgradepkg sendmail-*.tgz

Then, restart sendmail:

/etc/rc.d/rc.sendmail restart



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com