Säkerhetsbulletin från Debian

DSA-701-2 samba -- heltalsspill

Rapporterat den:

2005-04-21

Berörda paket:

Sårbara:

Referenser i säkerhetsdatabaser:

I Debians felrapporteringssystem: Fel 302378.
I Mitres CVE-förteckning: CVE-2004-1154.
CERTs information om sårbarheter, bulletiner och incidenter: VU#226184.

Ytterligare information:

Vi har upptäckt att den senaste säkerhetsuppdateringen för Samba, en LanManager-liknande fil- och skrivarserver för GNU/Linux och Unixliknande system, fick servern att krascha vid omläsning. Detta har rättats. Texten från originalbulletinen följer nedan:

Greg MacManus upptäckte ett heltalsspill i smb-servern från Samba, en LanManager-liknande fil- och skrivarserver för GNU/Linux och Unixliknande system. Genom att be om ett stort antal åtkomststyrningshandtag från servern kunde man utnyttja heltalsspillet, vilket kunde ge ett buffertspill som kunde leda till att godtycklig kod exekverades med rootbehörighet. Uppströmsutvecklarna har även upptäckt fler möjliga heltalsspill som även de rättas i denna uppdatering.

För den stabila utgåvan (Woody) har dessa problem rättats i version 2.2.3a-15.

För den instabila utgåvan (Sid) har dessa problem rättats i version 3.0.10-1.

Vi rekommenderar att ni uppgraderar era samba-paket.

Rättat i:

Debian GNU/Linux 3.0 (woody)

Källkod:: http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.dsc; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.diff.gz; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
Arkitekturoberoende komponent:: http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-15_all.deb
Alpha:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_alpha.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_arm.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_i386.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_ia64.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_hppa.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_m68k.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mips.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mipsel.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_powerpc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_s390.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_sparc.deb; http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.

MD5-kontrollsummor för dessa filer finns i reviderade bulletinen.

Denna sida finns även på följande språk:

dansk Deutsch English español français Português

Så ställer du in standardspråkval för dokument

För att rapportera ett problem med webbplatsen, kontakta debian-www@lists.debian.org (på engelska). För problem och synpunkter om den svenska översättningen, kontakta debian-l10n-swedish@lists.debian.org. För övrig kontaktinformation, se Debians kontaktsida.

Senast uppdaterad: Sön 2008-08-31 02.51.44 UTC
Upphovsrättsskyddat © 2005-2008 SPI; Se licensvillkor
Debian är ett registrerat varumärke hos Software in the Public Interest. Inc.