Red Hat Linux
Red Hat Security Advisory
Synopsis: Moderate: dbus security update
Advisory ID: RHSA-2007:0008-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0008.html
Issue date: 2007-02-08
Updated on: 2007-02-08
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-6107
1. Summary:
Updated dbus packages that fix a security issue are now
available for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64
3. Problem description:
D-BUS is a system for sending messages between applications. It
is used both for the systemwide message bus service, and as a
per-user-login-session messaging facility.
Kimmo H. discovered a flaw in the way D-BUS processes certain
messages. It is possible for a local unprivileged D-BUS process to
disrupt the ability of another D-BUS process to receive messages.
(CVE-2006-6107)
Users of dbus are advised to upgrade to these updated packages,
which contain backported patches to correct this issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
218055 – CVE-2006-6107 D-Bus denial of service
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/dbus-0.22-12.EL.8.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/dbus-0.22-12.EL.8.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/dbus-0.22-12.EL.8.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/dbus-0.22-12.EL.8.src.rpm
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6107
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Critical: IBMJava2 security update
Advisory ID: RHSA-2007:0072-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0072.html
Issue date: 2007-02-08
Updated on: 2007-02-08
Product: Red Hat Enterprise Linux
Obsoletes: RHBA-2007:0023 RHEA-2007:0024
CVE Names: CVE-2006-4339 CVE-2006-6731 CVE-2006-6736
CVE-2006-6737
1. Summary:
IBMJava2-JRE and IBMJava2-SDK packages that correct several
security issues are available for Red Hat Enterprise Linux 2.1.
This update has been rated as having critical security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
3. Problem description:
IBM’s 1.3.1 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.
Vulnerabilities were discovered in the Java Runtime Environment.
An untrusted applet could use these vulnerabilities to access data
from other applets. (CVE-2006-6736, CVE-2006-6737)
Buffer overflow vulnerabilities were discovered in the Java
Runtime Environment. An untrusted applet could use these flaws to
elevate its privileges, possibly reading and writing local files or
executing local applications. (CVE-2006-6731)
Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5
signatures. Where an RSA key with exponent 3 is used it may be
possible for an attacker to forge a PKCS #1 v1.5 signature that
would be incorrectly verified by implementations that do not check
for excess data in the RSA exponentiation result of the signature.
(CVE-2006-4339)
All users of IBMJava2 should upgrade to these updated packages,
which contain IBM’s 1.3.1 SR10a Java release which resolves these
issues.
Please note that the packages in this erratum are the same as
those we released on January 24th 2007 with advisories
RHBA-2007:0023 and RHEA-2007:0024. We have issued this security
update as these previous advisories did not specify that they fixed
critical security issues. If you have already updated to those
versions of IBMJava you will not need to apply this update.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via Red Hat
Network. Many people find this an easier way to apply updates. To
use Red Hat Network, launch the Red Hat Update Agent with the
following command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
226996 – CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737
CVE-2006-6731 CVE-2006-4339)
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/IBMJava2-JRE-1.3.1-12.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/IBMJava2-SDK-1.3.1-11.src.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/IBMJava2-JRE-1.3.1-12.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/IBMJava2-SDK-1.3.1-11.src.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/IBMJava2-JRE-1.3.1-12.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/IBMJava2-SDK-1.3.1-11.src.rpm
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
rPath Linux
rPath Security Advisory: 2007-0025-2
Published: 2007-02-06
Updated: 2007-02-07 PostgreSQL 8.1.8 corrects regression
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Local User Deterministic
Vulnerability
Updated Versions:
postgresql=/conary.rpath.com@rpl:devel//1/8.1.7-0.1-1
postgresql-server=/conary.rpath.com@rpl:devel//1/8.1.7-0.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
https://issues.rpath.com/browse/RPL-830
https://issues.rpath.com/browse/RPL-1025
Description:
Previous versions of the postgresql package are vulnerable to
two attacks in which an authenticated database user can cause the
database server process to crash (Denial of Service), and possibly
also read privileged database content (Information Exposure).
7 February 2007 Update: The security fix provided in PostgreSQL
8.1.7 introduced a functional regression: it added an
overly-restrictive check for type length in constraints and
functional indexes. PostgreSQL 8.1.8 corrects this error.
Slackware Linux
[slackware-security] samba (SSA:2007-038-01)
New samba packages are available for Slackware 10.0, 10.1, 10.2,
and 11.0 to fix a denial-of-service security issue.
More details about the issues fixed in Samba 3.0.24 may be found
in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.24-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
“Important issues addressed in 3.0.24 include:
- Fixes for the following security advisories:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS
library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)”
Samba in Slackware is vulnerable to the first issue, which can
cause smbd to enter into an infinite loop, disrupting Samba
services. Linux is not vulnerable to the second issue, and
Slackware does not ship the afsacl.so VFS plugin (but it’s
something to be aware of if you build Samba with custom
options).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
(* Security fix *)
+--------------------------+
Where to find the new packages:
HINT: Getting slow download speeds from ftp.slackware.com? Give
slackware.osuosl.org a try. This is another primary FTP site for
Slackware that can be considerably faster than downloading from
ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating
additional FTP and rsync hosting to the Slackware project! 🙂
Also see the “Get Slack” section on http://slackware.com for additional
mirror sites near you.
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.24-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.24-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.24-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/samba-3.0.24-i486-1_slack11.0.tgz
MD5 signatures:
Slackware 10.0 package:
e845effc7048393b56069a09350eda68
samba-3.0.24-i486-1_slack10.0.tgz
Slackware 10.1 package:
907e0f0351a362381afd9dd627970e11
samba-3.0.24-i486-1_slack10.1.tgz
Slackware 10.2 package:
3b72e21a7e43ea9726e0147560b5f077
samba-3.0.24-i486-1_slack10.2.tgz
Slackware 11.0 package:
c17312f0537f36098f23351366b10a09
samba-3.0.24-i486-1_slack11.0.tgz
Installation instructions:
Upgrade the package as root:
# upgradepkg samba-3.0.24-i486-1_slack11.0.tgz
Restart Samba:
# sh /etc/rc.d/rc.samba restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com