Netzwerk Sicherheits Prüfungen / Anfälligkeitsfeststellung von SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  samba DoS (SSA:2004-257-01)

New samba packages are available for Slackware 10.0 and -current.
These fix two denial of service vulnerabilities reported by
iDEFENSE.  Slackware -current has been upgraded to samba-3.0.7,
while the samba-3.0.5 included with Slackware 10.0 has been
patched to fix these issues.  Sites running Samba 3.x should
upgrade to the new package.  Versions of Samba before 3.0.x are
not affected by these flaws.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808

Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Sep 13 17:07:20 PDT 2004
patches/packages/samba-3.0.5-i486-3.tgz:  Patched two Denial of Service
  vulnerabilities in samba-3.0.5.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.5-i486-3.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.7-i486-1.tgz

MD5 signatures:
+-------------+

Slackware 10.0 package:
a8bf821c6b6febd69dd0d1958c3b7796  samba-3.0.5-i486-3.tgz

Slackware -current package:
acdaf5bc8b3777245d0ed51bcc4acec4  samba-3.0.7-i486-1.tgz

Installation instructions:
+------------------------+

As root, stop the samba server:

. /etc/rc.d/rc.samba stop

Next, upgrade the samba package(s) with upgradepkg:

upgradepkg samba-3.0.5-i486-3.tgz

Finally, start samba again:

. /etc/rc.d/rc.samba start

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBRo+CakRjwEAQIjMRAnxEAJ4ybzv9c+z6YX3Siz0Hh69gwjSsngCfdLum
Ba6r5LxQa4A+SOh4jOz7OSY=
=dVhK
-----END PGP SIGNATURE-----