Leak in Samba Versions from 3.0.29
Samba versions from 3.0.29 include a security failure. Developers have released an update to fix it.
The Samba advisory indicates that the security leak resulted from a change to GNU Compiler Collection (GCC) version 4 optimization. It seems a cut-and-paste error in the range checking code can allow a malicious client to alter the Server Message Block (SMB) process to pass arbitrary memory requests back to itself.
The Samba team ran into the error during an internal code investigation. The advisory recommends an immediate patch upgrade.
Patches are available for download here. The new Samba versions, 3.2.5 and 3.0.33 already have the patches applied. The team also points to the fact that the Samba 3.2 directories are now located in the /recent directory and are no longer in an experimental state.
Issue 158/2014
Buy this issue as a PDF
Digital Issue: Price $9.99
(incl. VAT)
Tag Cloud
News
-
New Mint Minted
Version 16 of the popular Linux desktop reveals new tools, edge-snapping, and performance improvements.
-
New Worm Attacks Linux Devices
Symantec says Linux-Darlioz burrows in through PHP.
-
Project Sputnik Gets a Boost
Dell renews its quest for the ultimate developer machine.
-
Sneaky New Linux Attack Discovered in the Wild
Innovative back door looks like normal SSH traffic.
-
CeBIT Call for Papers
One of CeBITs most successful forums opens the new year with a new name. The popular Open Source Forum continues in 2014 under the name Special Conference: Open Source. This year, the forum will be bigger and offer a wider range of possibilities for sponsors.
-
Linus Announces Linux Kernel 3.12
New release offers better graphics drivers and expands filesystem support.
-
Dark Alliance Reinvents Email Security
New mail protocol will shut out the NSA and prevent snooping on metadata.
-
DDos Attack Map Charts Denial of Service
A new web application helps users visualize distributed denial-of-service attacks.
-
Saucy Salamander Gets Legs
Ubuntu 13.10 takes a step toward convergence, with lots of mobility, but Mir only partly here.
-
Intel and Arduino Create Pi-Like System
Galileo board is targeted to embedded developers and educational institutions.