CVE-2010-1635 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1635): The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.
CVE-2010-1642 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1642): The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.
Arches, please test and mark stable: =net-fs/samba-3.5.4 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
(In reply to comment #2) > Arches, please test and mark stable: > =net-fs/samba-3.5.4 > Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" > Cancel that. Arches, please test and mark stable: =net-fs/samba-3.4.8 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
x86 stable
Marked ppc/ppc64 stable.
amd64 done
alpha/arm/ia64/s390/sh/sparc stable
Stable for HPPA.
GLSA with 337295.
This issue was resolved and addressed in GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml by GLSA coordinator Sean Amoss (ackle).