DESA-2004-012 - samba: buffer overruns

[Morten Werner Olsen <werner@skolelinux.no>]

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-012
http://www.skolelinux.no/security/                      Morten Werner Olsen
August 28, 2004                 debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : samba
Vulnerability       : buffer overruns
Problem-Type        : remote
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CAN-2004-0600, CAN-2004-0686
DSA ID              : -

The functionality affected by these vulnerabilities are not enabled in
a standard Debian-Edu/Skolelinux installation, but they will be if
SWAT is started or if the 'mangling method = hash' is used in
smb.conf.

We recommend that you upgrade your samba package.

Upgrade Instructions
- --------------------

Make sure 'deb http://ftp.skolelinux.no/skolelinux woody local' is 
present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists.

  apt-get install samba

- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
              linuxiskolen@skolelinux.no, user@skolelinux.de
Package info: `apt-cache show <pkg>'