The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code. This update adds constraints to the Samba server code that protect it from using values from untrusted sources as operands in the arithmetic operations that determine how much heap memory is needed to copy data. Without these limitations, a remote attacker may be able to overflow the heap memory of the process and overwrite vital information structures, which can be abused to execute arbitrary code.

2) solution/workaround
There is no workaround known. Please install the new packages provided on our FTP servers.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.1 | x86_64 | samba | < 3.0.9-2.1.5 | samba-3.0.9-2.1.5.x86_64.rpm |
openSUSE | 9.0 | x86_64 | samba-client | < 2.2.8a-230 | samba-client-2.2.8a-230.x86_64.rpm |
openSUSE | 8.1 | i586 | samba-client | < 2.2.8a-230 | samba-client-2.2.8a-230.i586.rpm |
openSUSE | 9.0 | i586 | samba | < 2.2.8a-230 | samba-2.2.8a-230.i586.rpm |
openSUSE | 8.1 | i586 | samba-vscan | < 0.3.2a-283 | samba-vscan-0.3.2a-283.i586.rpm |
openSUSE | 9.0 | x86_64 | samba-vscan | < 0.3.2a-283 | samba-vscan-0.3.2a-283.x86_64.rpm |
openSUSE | 9.1 | x86_64 | samba-client | < 3.0.9-2.1.5 | samba-client-3.0.9-2.1.5.x86_64.rpm |
openSUSE | 9.0 | i586 | samba-client | < 2.2.8a-230 | samba-client-2.2.8a-230.i586.rpm |
openSUSE | 9.1 | i586 | libsmbclient-devel | < 3.0.9-2.1.5 | libsmbclient-devel-3.0.9-2.1.5.i586.rpm |
openSUSE | 9.0 | x86_64 | samba | < 2.2.8a-230 | samba-2.2.8a-230.x86_64.rpm |
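
The kind of constraint described in the problem description, shown as an added example that is not Samba's code and not part of this advisory: a size computed from an untrusted count is checked before it reaches the allocator. `ENTRY_SIZE`, `unchecked_alloc_size`, `checked_alloc_size` and `copy_entries` are hypothetical names, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENTRY_SIZE 16u /* hypothetical fixed record size, not a Samba structure */

/* Unchecked form: the 32-bit product wraps modulo 2^32, so a huge count
 * yields a tiny allocation size that later copies would overrun. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * ENTRY_SIZE;
}

/* Checked form: reject any count whose product does not fit in 32 bits.
 * Returns 0 and stores the size in *out, or -1 if the count is refused. */
int checked_alloc_size(uint32_t count, uint32_t *out)
{
    if (count == 0 || count > UINT32_MAX / ENTRY_SIZE)
        return -1;
    *out = count * ENTRY_SIZE;
    return 0;
}

/* Copy `count` entries out of an untrusted message body of src_len bytes.
 * Returns a heap copy the caller frees, or NULL if the count is refused. */
void *copy_entries(const uint8_t *src, size_t src_len, uint32_t count)
{
    uint32_t need;
    if (checked_alloc_size(count, &need) != 0)
        return NULL;              /* size arithmetic would wrap */
    if (need > src_len)
        return NULL;              /* count claims more data than was received */
    void *dst = malloc(need);
    if (dst != NULL)
        memcpy(dst, src, need);
    return dst;
}

int main(void)
{
    uint8_t body[64] = {0};         /* constructed sample input */
    uint32_t hostile = 0x10000001u; /* constructed count from an untrusted field */
    printf("unchecked size: %u\n", (unsigned)unchecked_alloc_size(hostile));
    void *ok = copy_entries(body, sizeof body, 4u);
    printf("count 4: %s\n", ok ? "copied" : "refused");
    printf("hostile count: %s\n",
           copy_entries(body, sizeof body, hostile) ? "copied" : "refused");
    free(ok);
    return 0;
}
```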