Pardus alert 2011-54 (samba samba-devel samba-swat)

From:
    	     
 
Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security]  [PLSA 2011-54] Samba: Memory Corruption 
Date:
    	     
 
Thu, 3 Mar 2011 10:21:20 +0200
Message-ID:
    	     
 
<201103031021.20896.meltem@pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-54            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-03-03
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability have been fixed in samba,  which  allows  attackers  to 
cause a denial of service. 


Description
===========

CVE-2011-0719: 

All current released versions of Samba are vulnerable to  a  denial  of 
service caused by memory corruption. Range 

checks on file descriptors being used in  the  FD_SET  macro  were  not 
present allowing stack corruption. This can cause 

the Samba code to crash or to loop attempting to select on a  bad  file 
descriptor set. 





Affected packages:

  Pardus 2011:
    samba, all before 3.5.7-62-p11
    samba-devel, all before 3.5.7-62-p11

    samba-swat, all before 3.5.7-62-p11



Resolution
==========

There are update(s) for samba, samba-devel, samba-swat. You can  update 
them via Package Manager or with a single command from console: 

    pisi up samba samba-devel samba-swat

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17049
  * http://www.samba.org/samba/security/CVE-2011-0719

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security