-----BEGIN PGP SIGNED MESSAGE----- The Samba team brought to our attention a security vulnerability in the samba-1.9.18p10-3 RPMs as distributed in RedHat 5.2. We would like to thank Andrew Tridgell and the Samba team for discovering this problem. The problem is the installation permissions of the wsmbconf binary. The RPM installs wsmbconf as a setgid binary owned by group root and executable by all users. Only users of Red Hat Linux 5.2 are affected. All systems on which the RedHat 5.2 Samba RPM are installed should immediately remove the file /usr/sbin/wsmbconf: rm -f /usr/sbin/wsmbconf or upgrade to the new packages available from our updates site: Red Hat Linux 5.2: ================== alpha: rpm -Uvh ftp://updates.redhat.com/5.2/alpha/samba-1.9.18p10-4.alpha.rpm i386: rpm -Uvh ftp://updates.redhat.com/5.2/i386/samba-1.9.18p10-4.i386.rpm sparc: rpm -Uvh ftp://updates.redhat.com/5.2/sparc/samba-1.9.18p10-4.sparc.rpm Source rpm: rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/samba-1.9.18p10-4.src.rpm -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNlCPsPGvxKXU9NkBAQE+2wQAgm2td4uglTXihGG3+sfl9SqYm/lpuo6Z gk/9yaK5fgTwDDHdyfhhLgvKhYD7bRiV2ak7JMabJKZNIK+r0pfyluAtcSD2RLGc O8pxAx1ZiI9JydIqWgw9o3bXGhFgpqaZ/85MlqGWLPF2oqdyGBsyvnqOfNS9EzTt 7I1viS3ixZs= =FF8C -----END PGP SIGNATURE-----
Red Hat 5.2 ships a security hole in Samba.
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis