Gentoo Archives: gentoo-user

From: Jeff Horelick <jdhore@g.o>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Heads up, remote root vulnerability discovered in Samba
Date: Wed, 11 Apr 2012 19:38:54
Message-Id: CAFhp8z4yPVE=8cuP2w64SsOwPJA6fiMxq5S-S3UvXH55mLqLGw@mail.gmail.com
In Reply to: [gentoo-user] Heads up, remote root vulnerability discovered in Samba by Paul Hartman
1 On 10 April 2012 23:56, Paul Hartman <paul.hartman+gentoo@×××××.com> wrote:
2 > "Samba versions 3.6.3 and all versions previous to this are affected
3 > by a vulnerability that allows remote code execution as the "root"
4 > user from an anonymous connection."
5 >
6 > "As this does not require an authenticated connection it is the most
7 > serious vulnerability possible in a program, and users and vendors are
8 > encouraged to patch their Samba installations immediately."
9 >
10 > More info at:
11 > https://www.samba.org/samba/security/CVE-2012-1182
12 >
13
14 There is already a fixed version (3.5.14) stable on x86, amd64 and
15 hppa (and obviously ~arch for the other arches) and it should go
16 stable on those other arches soon and have a GLSA soon as well.