Subject: Re: Samba 2.0.8
To: Patrick Welche <firstname.lastname@example.org>
From: David Brownlee <email@example.com>
Date: 05/09/2001 17:53:27
Thanks for picking this up.
Performing some basic testing of an updated pkgsrc entry now.
David/absolute -- www.netbsd.org: No hype required --
On Wed, 9 May 2001, Patrick Welche wrote:
> I have no idea whether or not this is the right list, but it seems that in
> pkgsrc, there is:
> The following security vulnerabilities are known for net/samba at May 1
> 10:20 :
> samba<2.0.8 has a local-symlink-race exploit (see
> http://www.securityfocus.com/templates/archive.pike?list=1&mid=177370 for
> more details)
> and at www.samba.org:
> o (9th May 2001) Samba 2.0.9 released - SECURITY FIX
> The recent Samba 2.0.8 release did not fix the local /tmp security
> hole. The 2.0.9 release corrects that. Note that the 2.2.0 release
> did fix the hole and you should only install 2.0.9 if you don't
> want to use the 2.2.x release just yet. The 2.0.9 release is
> available here and the patch is available here.