CVE-2012-2111 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2111): The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
+ 02 May 2012; Patrick Lauer <patrick@gentoo.org> +samba-3.5.15.ebuild, + +samba-3.6.5.ebuild: + Bump for #414319
There's your ebuilds, 3.5.15 needs to be stabled now.
Arch teams: please stabilize =net-fs/samba-3.5.15
target keywords: "alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
x86 stable
amd64 ok
amd64 stable
Stable for HPPA.
arm stable
alpha/ia64/s390/sh/sparc stable
ppc64 done
ppc done
Thanks, everyone. GLSA vote: yes.
GLSA Vote: yes. Added to existing GLSA draft.
This issue was resolved and addressed in GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml by GLSA coordinator Sean Amoss (ackle).