Summary: | net-fs/samba < 3.0.28 send_mailslot() "SAMLOGON" Buffer overflow (CVE-2007-6015)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Robert Buchholz (RETIRED) <rbu>
Assignee: | Gentoo Security <security>
CC: | dev-zero
Status: | RESOLVED FIXED
Severity: | blocker
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://secunia.com/secunia_research/2007-99/
Whiteboard: | B0 [glsa]
Package list: |
Runtime testing required: | ---
Description
Robert Buchholz (RETIRED)
2007-11-29 20:18:32 UTC
Upstream is working on a patch.
Created attachment 137917
CVE-2007-0615.patch
You know the drill, please do not commit, but add an updated ebuild to this bug, so it can get testing and be committed to straight stable at the release date.
Created attachment 137995
samba-3.0.27a-r1.ebuild
Sorry for the delay, I was really busy yesterday...
The patch needs to be renamed to 3.0.27a-CVE-2007-0615.patch
Besides the requested patch, the ebuild fixes the bugs #200132 ("typo in elog") and #199934 ("oneliner to remove +x bit from headers").
Please test the attached ebuild and report back at this bug.
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"
Adding Arch Security Liaisons:
alpha : ferdy
amd64 : welp
hppa : jer
ppc : dertobi123
ppc64 : corsair
sparc : ferdy
x86 : tsunam
make test does its job right up to the SMBTORTURE4 tests. This isn't a regression though, and all else looks OK for HPPA.
Ditto for amd64.
looking as good on ppc64, too.
Looks fine on alpha/ia64/sparc/x86
looks good for ppc
Please rename the patch to contain 6015 instead of 0615.
prestabled for all security supported arches. Tiziano, please prepare for a commit on Tuesday. The time is not confirmed yet. Samba folks will release their advisory at about 15 UTC and Secunia did not reply to the schedule question.
public now.
committed as 3.0.28 (as released by upstream, contains only the security update).
Arches, please test and mark stable net-fs/samba-3.0.28.
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"
Already stabled : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Missing keywords: "arm mips s390 sh"
GLSA 200712-10
Does not affect current (2008.0) release. Removing release.