Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#10526 - Update Samba 3.0.30 (Security update) while Tpowa is away

Attached to Project: Arch Linux
Opened by Jud (judfilm) - Wednesday, 28 May 2008, 23:11 GMT
Last edited by Eric Belanger (Snowman) - Wednesday, 04 June 2008, 00:01 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Critical
Priority Normal
Reported Version 2007.08-2
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No



While Tpowa is away could someone please update the samba package, now with security update:

o CVE-2008-1105
Specifically crafted SMB responses can result in a heap overflow
in the Samba client code. Because the server process, smbd, can
itself act as a client during operations such as printer notification
and domain authentication, this issue affects both Samba client
and server installations.

Thank You.

This task depends upon

Closed by  Eric Belanger (Snowman)
Wednesday, 04 June 2008, 00:01 GMT
Reason for closing:  Fixed
Additional comments about closing:  Both samba and smbclient in extra have been updated to 3.0.30.

Open another bug report for the docs.
Comment by Hussam Al-Tayeb (hussam) - Thursday, 29 May 2008, 00:29 GMT
When this is fixed, it might be a good idea to place the updated package in testing first at least for a few days because it is a server program.
Comment by Jud (judfilm) - Saturday, 31 May 2008, 01:08 GMT

Is there an ETA for this package update please? - 'highly critical' vulnerability

news link:
Comment by Dawid Wróbel (cromo) - Tuesday, 03 June 2008, 13:51 GMT
Sorry for OT, but I noticed that there are ~10MBs of html help/documentation in /usr/share/samba/swat. Is there a need for including this in package? Sorry for reporting it here, but I think there's no need to create dedicated bug report.