There have been reports that some Linux distributions are affected by a vulnerability in samba. There are two issues: * the wsmbconf program (which is still a prototype application not meant for general release) is unsafe. Debian does not distribute this program. * some distributions used a world-writable directory without a t bit. We use /var/tmp which does not suffer from this problem. There is no need to upgrade your samba package. -- Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon . Wichert Akkerman . Martin Schulze <chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
Attachment:
pgpTwpJDykm_7.pgp
Description: PGP signature