<<< Date Index >>>     <<< Thread Index >>>

[SECURITY] [DSA 701-2] New samba packages fix correct sporadic crash



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 701-2                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
April 21st, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : samba
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1154
CERT advisory  : VU#226184
Debian Bug     : 302378

It has been discovered that the last security update for Samba, a
LanManager like file and printer server for GNU/Linux and Unix-like
systems caused the daemon to crash upon reload.  This has been fixed.
For reference below is the original advisory text:

   Greg MacManus discovered an integer overflow in the smb daemon from
   Samba, a LanManager like file and printer server for GNU/Linux and
   Unix-like systems.  Requesting a very large number of access control
   descriptors from the server could exploit the integer overflow, which
   may result in a buffer overflow which could lead to the execution of
   arbitrary code with root privileges.  Upstream developers have
   discovered more possible integer overflows that are fixed with this
   update as well.

For the stable distribution (woody) these problems have been fixed in
version 2.2.3a-15.

The version in the unstable distribution (sid) is not affected by this
new problem.

We recommend that you upgrade your samba packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.dsc
      Size/MD5 checksum:      771 a830503053c010eaf927e278aa9bee46
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.diff.gz
      Size/MD5 checksum:   128578 5019368376bf7e7021d6fac84b4ebb41
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
      Size/MD5 checksum:  5460531 b6ec2f076af69331535a82b586f55254

  Architecture independent components:

    
http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-15_all.deb
      Size/MD5 checksum:  2447132 bddbd51cdb1ad5caa110da59fa1befd7

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_alpha.deb
      Size/MD5 checksum:   416810 54cc78e20583f06965d972aa6e0b44d0
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_alpha.deb
      Size/MD5 checksum:   490188 32c9b6bf5bff4bf3af118d1c1a808118
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_alpha.deb
      Size/MD5 checksum:   602016 a2036d9ed3ad444a3e659b64e28f1cd7
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_alpha.deb
      Size/MD5 checksum:  2963274 75fd393711aece6fec0cd8b7d684f515
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_alpha.deb
      Size/MD5 checksum:  1132702 96f4c0d239636931d92c2ce2bbc08a9d
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_alpha.deb
      Size/MD5 checksum:  1159220 de33034038ebc1ed2132ab2d382ede11
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_alpha.deb
      Size/MD5 checksum:   952140 d064f7659969556065a5714672f73ed5
    
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_alpha.deb
      Size/MD5 checksum:   624636 7e68a5ad923d3ef9b9bc59bbb430fd4d
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_alpha.deb
      Size/MD5 checksum:  1108854 ca33ced414688e61616d8d7c446d7927

  ARM architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_arm.deb
      Size/MD5 checksum:   397722 59a8c97c404bad26b39d31eaadc4e4d5
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_arm.deb
      Size/MD5 checksum:   462276 3614ee47d7fa5c1c647528789f5d67b0
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_arm.deb
      Size/MD5 checksum:   548498 259e4f9bec3d35c1fa9114d62519d3ac
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_arm.deb
      Size/MD5 checksum:  2557616 d5c3bc06031f7e1a8f318f7044c4c065
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_arm.deb
      Size/MD5 checksum:  1024430 707cdd665ed01bd65ab3992de8ec3022
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_arm.deb
      Size/MD5 checksum:  1004790 0f101fceeb6ce6c9d0fbe04b36be629d
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_arm.deb
      Size/MD5 checksum:   833456 89b7d54917cd90ec1960e091e1bff8c6
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_arm.deb
      Size/MD5 checksum:   558620 c8a4da7264d07c97d12163e70c2340f9
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_arm.deb
      Size/MD5 checksum:   976218 86a5de52d3f680adb949606fb0837cbb

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_i386.deb
      Size/MD5 checksum:   389394 f4a558d33c67099e6ed20091b528d952
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_i386.deb
      Size/MD5 checksum:   446602 74ae7a7159f19db07094502644fcab0d
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_i386.deb
      Size/MD5 checksum:   500304 3613b9880b421a26c4ea8ba726f9c85a
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_i386.deb
      Size/MD5 checksum:  2422058 a2d6e27f58b9255ce07640eef5b591df
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_i386.deb
      Size/MD5 checksum:   993734 89419f6b2f17e8aed613c51a5ac8e9f2
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_i386.deb
      Size/MD5 checksum:   955662 52c703be64db22e2b8892477639726f2
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_i386.deb
      Size/MD5 checksum:   794894 68ec0cf3a9261b593488353ea3f18bf6
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_i386.deb
      Size/MD5 checksum:   535942 82462f0c253bbecbc0c3b4c417b66d43
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_i386.deb
      Size/MD5 checksum:   932174 8146d2161b0f204ce41147c315e82455

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_ia64.deb
      Size/MD5 checksum:   462818 69f3f879edd97b08ac8a3e52fbb95090
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_ia64.deb
      Size/MD5 checksum:   554832 730894829cff961725b2e9e1178a5e18
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_ia64.deb
      Size/MD5 checksum:   626344 0faf0298ef66970cb393c49d5b3d508e
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_ia64.deb
      Size/MD5 checksum:  3495368 c71d00d4a4fd108635c1a7010368a6dd
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_ia64.deb
      Size/MD5 checksum:  1250736 800849fa4340dca4c5d559f61857d8b0
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_ia64.deb
      Size/MD5 checksum:  1332712 1462f5a2b3afdc9a30a821ba2b3ed9f0
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_ia64.deb
      Size/MD5 checksum:  1100548 7a51e38509ddb3c2094fc0b2f4e52f30
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_ia64.deb
      Size/MD5 checksum:   696404 d2d4325e344ab644e157632b0b454345
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_ia64.deb
      Size/MD5 checksum:  1284038 5062f707960e5397cdac4f68fec8c19b

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_hppa.deb
      Size/MD5 checksum:   420670 3ebfd5f13e140892d0eee6fe2134aed2
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_hppa.deb
      Size/MD5 checksum:   491982 91a01975668c77fbf69b60ed482be911
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_hppa.deb
      Size/MD5 checksum:   590680 2b860b9aad275d8ec5861df32c54df61
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_hppa.deb
      Size/MD5 checksum:  2797958 eb8bcb58cc62d9ed95c540a32033c089
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_hppa.deb
      Size/MD5 checksum:  1082496 8446865cbb609e233211bcf717fe43c0
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_hppa.deb
      Size/MD5 checksum:  1087288 9a44929178cb8b8406690ab5220600c3
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_hppa.deb
      Size/MD5 checksum:   903440 10995cadf8ea6671d93f3ab9bdee1b23
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_hppa.deb
      Size/MD5 checksum:   590876 85832604872b8eb84f1d72e60ca69de0
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_hppa.deb
      Size/MD5 checksum:  1062142 08523479c0cd91d5f137bea51f754dd1

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_m68k.deb
      Size/MD5 checksum:   399818 6882d30a2f2ee2b99afbb32abff0020c
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_m68k.deb
      Size/MD5 checksum:   461100 db0510c04055a133dc1d5a08e738bb39
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_m68k.deb
      Size/MD5 checksum:   506028 cb718fb5103d31715445150d6272f270
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_m68k.deb
      Size/MD5 checksum:  2367368 301b09319baa600ad2e9a8ed83255471
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_m68k.deb
      Size/MD5 checksum:   983910 db09d234e5b469b859adc2f7432df9a7
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_m68k.deb
      Size/MD5 checksum:   939778 7d19988ca24410a27c7a708a61b5fe5e
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_m68k.deb
      Size/MD5 checksum:   791812 18d0a57c6ba5e717a6cc43e16af99c3e
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_m68k.deb
      Size/MD5 checksum:   525824 061bbd514f5508e9251fad7e41c7a867
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_m68k.deb
      Size/MD5 checksum:   933982 88265eacabf3d96b1aa118b7c8736db4

  Big endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mips.deb
      Size/MD5 checksum:   396830 b5fd5ba93dd8b7c5cbf8b4708ee7ab28
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mips.deb
      Size/MD5 checksum:   460228 1ec3f80b54e5d4aefc2e0113ebdd1711
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mips.deb
      Size/MD5 checksum:   570762 34e0b588c7ae9c1f0f90cad60cf3f43f
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mips.deb
      Size/MD5 checksum:  2808522 53157303f42e7b1f2de9b99912246b8b
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mips.deb
      Size/MD5 checksum:  1080134 43ea434c339d52f4eef4e32c83b3f41d
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mips.deb
      Size/MD5 checksum:  1090032 2a88b66106a14d31fb5887a450a1de9d
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mips.deb
      Size/MD5 checksum:   912250 6574d75406e22c416a76ce077c31832a
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mips.deb
      Size/MD5 checksum:   582084 67830ce3df32cfae30eb2efe7ad87a19
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mips.deb
      Size/MD5 checksum:  1030444 60bbff9a824aa36ddbd988ee01063069

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mipsel.deb
      Size/MD5 checksum:   392914 bc405a78273176b7efefd06170d23f46
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mipsel.deb
      Size/MD5 checksum:   454712 a8e3b095dfd4d2f6298a16f09a506ef0
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mipsel.deb
      Size/MD5 checksum:   563936 c555c075ec8440c9c78281f326d21e80
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mipsel.deb
      Size/MD5 checksum:  2771190 2bfca4bb39861f5595bbaf96d79cd993
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mipsel.deb
      Size/MD5 checksum:  1073628 b1fd732c6119078cdc0e8066657a9916
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mipsel.deb
      Size/MD5 checksum:  1078578 ca9622d56909bb4a5ecf28f29c90637f
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mipsel.deb
      Size/MD5 checksum:   899538 0f97803e96189613e32eb877e6ccc92f
    
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mipsel.deb
      Size/MD5 checksum:   577818 e187bfb77c374b568978fc225ab953b4
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mipsel.deb
      Size/MD5 checksum:  1017490 2f237a6102ce15885d208fa904aa1657

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_powerpc.deb
      Size/MD5 checksum:   409454 e726893d5ff7d9063fb6d2226c837bfe
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_powerpc.deb
      Size/MD5 checksum:   476696 e00e166d95f682573f10c92412dc3d3a
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_powerpc.deb
      Size/MD5 checksum:   547600 30e23d427b5b35c1f5592a92c5d77113
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_powerpc.deb
      Size/MD5 checksum:  2611044 6915f515a4643eb35fefc9d9f5370927
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_powerpc.deb
      Size/MD5 checksum:  1038358 26c7983705ed0865e3bf28fb672a8d82
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_powerpc.deb
      Size/MD5 checksum:  1023690 24cd6ad298d918caa735b0200a71a6ba
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_powerpc.deb
      Size/MD5 checksum:   853686 bb8301e5e74c4e4344ce5acb98dbd24d
    
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_powerpc.deb
      Size/MD5 checksum:   561654 723b8207864e0b08c296b84eea855528
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_powerpc.deb
      Size/MD5 checksum:  1003568 213b0f0b3d65b7a718eda96789b0393c

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_s390.deb
      Size/MD5 checksum:   404176 39adf5289a4ac6812cbed5205fb5b2ae
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_s390.deb
      Size/MD5 checksum:   471088 be9980bc9c633eb2c322e62034261e57
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_s390.deb
      Size/MD5 checksum:   527906 5c13cdac05e43d8985bb1487ed1668f5
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_s390.deb
      Size/MD5 checksum:  2501820 f69cee114720831c767bf134fbc28f80
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_s390.deb
      Size/MD5 checksum:  1008810 71e18ad0686d9b3fe419392066678bac
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_s390.deb
      Size/MD5 checksum:   985000 d3a2f39e1cfb19bc1370a72b7ebd4bfe
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_s390.deb
      Size/MD5 checksum:   835452 22775fa123dec008ff0203164181a28f
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_s390.deb
      Size/MD5 checksum:   538802 b5303f335182d5d84aa63bc06ee24f41
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_s390.deb
      Size/MD5 checksum:   967516 24c28a95bcbcf95fc18d39bda1fb4bff

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_sparc.deb
      Size/MD5 checksum:   401406 9dd6197a246b2465b2cb7efe99e41285
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_sparc.deb
      Size/MD5 checksum:   462310 7a1ad3778872cba2f53f6c23257c09da
    
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_sparc.deb
      Size/MD5 checksum:   525272 55b1545f1abe0f3e98d0794a8b44fb51
    
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_sparc.deb
      Size/MD5 checksum:  2517506 8f53c843aa7376885ddfa084a24014f4
    
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_sparc.deb
      Size/MD5 checksum:  1012950 244bac12471bf063b70cc6ed7dbcdf1e
    
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_sparc.deb
      Size/MD5 checksum:   987134 af61a6e73388d03702cf016e513b93a7
    
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_sparc.deb
      Size/MD5 checksum:   830998 17bbf913464d5a8499eb7983212cc23a
    
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_sparc.deb
      Size/MD5 checksum:   544798 7b58d5da25b735a084ee851223ec2357
    
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_sparc.deb
      Size/MD5 checksum:   967886 e12469a586cf25650a09abda6e0f3df5


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCZ9UuW5ql+IAeqTIRAvcOAKC0VdgxjMpuxdqi9hCyGIN2spuYEQCeJ4lO
dtsOD1pg5RV87jRa3Golnhw=
=NBL9
-----END PGP SIGNATURE-----