-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:196
http://www.mandriva.com/security/
_______________________________________________________________________

Package : samba
Date    : August 7, 2009
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in samba:

Multiple format string vulnerabilities in client/client.c in smbclient
in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers
to execute arbitrary code via format string specifiers in a filename
(CVE-2009-1886).

The acl_group_override function in smbd/posix_acls.c in smbd in Samba
3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before
3.3.6, when dos filemode is enabled, allows remote attackers to modify
access control lists for files via vectors related to read access to
uninitialized memory (CVE-2009-1888).

This update provides samba 3.2.13 to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKfC47mqjQ0CJFipgRAkmVAKDi+Xf6tkPhj3JcORD5Amnalh4SqgCgwyVn
aO4amfUxj9NmDgveW0qyYhw=
=/U8f
-----END PGP SIGNATURE-----
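
Added example, not part of the Mandriva advisory: a triage check that maps an installed Samba version and an smb.conf to the two CVEs, using only the version ranges and the "dos filemode" precondition stated in the Problem Description. The function names and the sample version strings in the comments are constructed for illustration.

```python
import re

# Branch -> first fixed patch level, as stated in the advisory (None = whole branch affected).
AFFECTED = {
    "CVE-2009-1886": {(3, 2): 13},  # smbclient: 3.2.0 through 3.2.12
    "CVE-2009-1888": {(3, 0): 35, (3, 1): None, (3, 2): 13, (3, 3): 6},  # smbd
}
NEEDS_DOS_FILEMODE = {"CVE-2009-1888"}    # only exposed when dos filemode is enabled
TRUE_VALUES = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts


def parse_version(text):
    """Extract (major, minor, patch) from a version or RPM name, e.g. '3.2.11-0.1mdv2009.0'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(g) for g in m.groups())


def dos_filemode_enabled(conf_text):
    """True if any section of the smb.conf text enables 'dos filemode'."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, comment, section header, or not a parameter
        key, value = line.split("=", 1)
        # smb.conf parameter names ignore case and embedded whitespace.
        if "".join(key.split()).lower() == "dosfilemode" and value.strip().lower() in TRUE_VALUES:
            return True
    return False


def applicable_cves(version_text, conf_text=""):
    """Return the advisory's CVEs that apply to this version and configuration."""
    major, minor, patch = parse_version(version_text)
    hits = []
    for cve, branches in AFFECTED.items():
        if (major, minor) not in branches:
            continue
        fixed = branches[(major, minor)]
        if fixed is not None and patch >= fixed:
            continue  # at or past the fixed release for this branch
        if cve in NEEDS_DOS_FILEMODE and not dos_filemode_enabled(conf_text):
            continue
        hits.append(cve)
    return hits
```

A distribution may backport a fix without changing the upstream version number, so treat a hit as a prompt to check the installed package's changelog rather than as proof of exposure.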