Bug #2611

Samba impacted by critical security issue

Added by Milan Jurik over 5 years ago. Updated over 5 years ago.

Status:NewStart date:2012-04-11
Priority:UrgentDue date:
Assignee:Bayard Bell% Done:

0%

Category:update component
Target version:-
Difficulty:Bite-size Tags:samba

Description

CVE-2012-1182 represents critical remote security vulnerability for all Samba servers. We have to deliver Samba 3.5.14 to resolve this.

History

#1 Updated by Igor Kozhukhov over 5 years ago

Maybe upgrade to samba-3.6.3 from userland-gate ?

Oracle have been updated:
https://bitbucket.org/dilos/userland-gate/changeset/3518078b68c4

#2 Updated by Milan Jurik over 5 years ago

3.6.3 is also impacted, 3.6.4 is needed for 3.6. The fastest way is to bump version to 3.5.14 and then as the next step sync with Oracle userland and bump to 3.6.4. But as we have no vehicle to publish security vulnerabilities asap, I vote for 3.6.4 on top of Oracle userland.

#3 Updated by Bayard Bell over 5 years ago

  • Assignee set to Bayard Bell
  • Tags changed from needs-triage to samba

I've got a version of 3.6.4 already brewing for 2172.

Also available in: Atom