[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DESA-2005-003: samba: Integer overflow

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2005-003
http://www.skolelinux.no/security/                       Finn-Arne Johansen
January 10, 2005                debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : samba
Vulnerability       : Integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CAN-2004-1154
DSA ID              : -
DSA URL             : -

There have been discovered a bug that could cause Remote exploitation of
an integer overflow vulnerability in the smbd daemon. We have preparred
a new backport of samba to solve these issues.

Due to some changes in the password handling of the ldap password you
also need to upgrade debian-edu-config to make password changes and
adding of new users possible. 
You need debian-edu-config versjon 0.394-1.desa2004021 or later.

We recommend that you update your samba and debian-edu-config packages.

Upgrade Instructions
- --------------------

Make sure the line

  deb http://ftp.skolelinux.no/skolelinux woody local

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

  'apt-get install debian-edu-config samba'

to upgrade your samba and debian-edu-config package.

- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
              linuxiskolen@skolelinux.no, user@skolelinux.de,
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: Digital signature

Reply to: