List Archive: gentoo-commits
Headers:
To: gentoo-commits@g.o
From: "Pierre-Yves Rofes (py)" <py@g.o>
Subject: gentoo commit in xml/htdocs/security/en/glsa: glsa-200711-29.xml
Date: Wed, 05 Dec 2007 23:17:05 +0000
py          07/12/05 23:17:05

  Modified:             glsa-200711-29.xml
  Log:
  Version 3.0.27 fixes 2nd vulnerability.

Revision  Changes    Path
1.2                  xml/htdocs/security/en/glsa/glsa-200711-29.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-29.xml?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-29.xml?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-29.xml?r1=1.1&r2=1.2

Index: glsa-200711-29.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-200711-29.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- glsa-200711-29.xml	20 Nov 2007 21:15:24 -0000	1.1
+++ glsa-200711-29.xml	5 Dec 2007 23:17:04 -0000	1.2
@@ -7,17 +7,17 @@
   <title>Samba: Execution of arbitrary code</title>
   <synopsis>
     Samba contains two buffer overflow vulnerabilities potentially resulting in
-    the execution of arbitrary code, one of which is currently unfixed.
+    the execution of arbitrary code.
   </synopsis>
   <product type="ebuild">samba</product>
   <announced>November 20, 2007</announced>
-  <revised>November 20, 2007: 01</revised>
+  <revised>December 05, 2007: 03</revised>
   <bug>197519</bug>
   <access>remote</access>
   <affected>
     <package name="net-fs/samba" auto="yes" arch="*">
-      <unaffected range="ge">3.0.26a-r2</unaffected>
-      <vulnerable range="lt">3.0.26a-r2</vulnerable>
+      <unaffected range="ge">3.0.27a</unaffected>
+      <vulnerable range="lt">3.0.27a</vulnerable>
     </package>
   </affected>
   <background>
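Review bot: in the `<affected>` block the new boundary is 3.0.27a (`<unaffected range="ge">3.0.27a</unaffected>`), while the commit log says "Version 3.0.27 fixes 2nd vulnerability"; either the log or the range should be corrected, or the log should say why 3.0.27a is the first unaffected version. Separately, `<revised>` jumps from `01` to `03` in a single CVS step (1.1 to 1.2); confirm that a revision 02 was actually published, otherwise this should read `02`.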
@@ -37,7 +37,7 @@
   </description>
   <impact type="high">
     <p>
-    To exploit the first vulnerability a remote unauthenticated attacker
+    To exploit the first vulnerability, a remote unauthenticated attacker
     could send specially crafted WINS "Name Registration" requests followed
     by a WINS "Name Query" request. This might lead to execution of
     arbitrary code with elevated privileges. Note that this vulnerability
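Review bot: the sentence touched here still identifies the issue only as "the first vulnerability"; the resolution section ties that ordinal to CVE-2007-5398, so naming the CVE here as well would save readers from mapping ordinals to identifiers across sections.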
@@ -57,20 +57,14 @@
   </workaround>
   <resolution>
     <p>
-    The Samba 3.0.27 ebuild that resolves both vulnerabilities is currently
-    masked due to a regression in the patch for the second vulnerability.
-    </p>
-    <p>
-    Since no working patch exists yet, all Samba users should upgrade to
-    3.0.26a-r2, which contains a fix for the first vulnerability
-    (CVE-2007-5398):
+    All Samba users should upgrade to the latest version:
     </p>
     <code>
     # emerge --sync
-    # emerge --ask --oneshot --verbose &quot;&gt;=net-fs/samba-3.0.26a-r2&quot;</code>
+    # emerge --ask --oneshot --verbose &quot;&gt;=net-fs/samba-3.0.27a&quot;</code>
     <p>
-    An update to this temporary GLSA will be sent when the second
-    vulnerability will be fixed.
+    The first vulnerability (CVE-2007-5398) was already fixed in Samba
+    3.0.26a-r2.
     </p>
   </resolution>
   <references>
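Review bot: the new closing paragraph says the first vulnerability (CVE-2007-5398) "was already fixed in Samba 3.0.26a-r2" but never states that 3.0.26a-r2 is still affected by the second vulnerability, so users who followed the revision 01 advice may read it as nothing left to do. Suggest saying that explicitly and naming the second vulnerability's CVE the way the first is named. The removed text explained that the 3.0.27 ebuild was masked because of a regression; a few words on whether 3.0.27a is the build with that regression resolved would explain why the atom is `>=net-fs/samba-3.0.27a` rather than 3.0.27.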



-- 
gentoo-commits@g.o mailing list


Updated Jun 23, 2012
