From: Christian PERRIER on 10 Mar 2010 02:10 Quoting Jeremy Allison (jra(a)samba.org): > Security problem with Samba on Linux > ------------------------------------ > > In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code > was added to fix a problem with Linux asynchronous IO handling. Situation for Debian: - Debian stable isn't affected by this issue (we have 3.2.5+patches there) - Official backports from www.backports.org aren't affected too (we have 3.4.5) - Debian unstable has 3.4.7 since yesterday, a few hours after the official annoucement. As it had 3.4.6 earlier, users of Debian unstable *are strongly advised to "apt-get upgrade"* - Debian experimental has 3.5.1 since about the same time. Users who follow samba in experimental to have 3.5 should also upgrade The most important info: ------------------------ - Debian testing (squeeze) *is* affected as of now. By a very very infortunate sequence of events, yesterday was the day where 3.4.6 packages that were in unstable aged enough to enter testing. And they did. Before I could notice (I happen to do paid work during the day..:-)) So, users of Debian testing should either avoid upgrading today if they still have 3.4.5 packages or upgrade their systems ASAP with the packages uploaded yesterday in unstable (you need to do this manually) if they already upgraded to 3.4.6 3.4.7 packages were bumped to "high" urgency, which means they will enter testing by Thursday March 11th (I'm unsure about the exact time). I don't think that Ubuntu is affected by all this, even the soon to come Lucid....but this is unverified information. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Probably OT]: Samba LDAP data migration Next: [Samba] 3.4.6 slow access to shares ? |