Security Information / 2011 / Security Information -- DSA-2290-1 samba

Debian Security Advisory

DSA-2290-1 samba -- cross-site scripting

Date Reported:

07 Aug 2011

Affected Packages:

samba

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-2522, CVE-2011-2694.

More information:

The Samba Web Administration Tool (SWAT) contains several cross-site request forgery (CSRF) vulnerabilities (CVE-2011-2522) and a cross-site scripting vulnerability (CVE-2011-2694).

For the oldstable distribution (lenny), these problems have been fixed in version 2:3.2.5-4lenny15.

For the stable distribution (squeeze), these problems have been fixed in version 2:3.5.6~dfsg-3squeeze5.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2:3.5.10~dfsg-1.

We recommend that you upgrade your samba packages.