6381522 2001-04-18 16:42 +0200  /88 lines/  <tsl@TRUSTIX.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-04-18  21:43  by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: tsl@TRUSTIX.COM
Recipient: Bugtraq (import) <16635>
Subject: TSLSA-#2001-0005 - samba
------------------------------------------------------------
From: tsl@TRUSTIX.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010418164240.A3614@thunder.trustix.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0005

Package name:      samba
Severity:          Possible alteration of local files and devices
Date:              2001-04-18
Affected versions: TSL 1.01, 1.1, 1.2

- --------------------------------------------------------------------------

Problem description:
  Samba up to version 2.0.7 uses mktemp(3) for creation of temporary
  files.  This allows malicious local users to alter contents of
  other files on the system, and potentially gain superuser privileges.


Action:
  We recommend that all systems with this package installed are upgraded.
  If you do not need the functionality provided by this package, you may
  want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool can have updates installed automatically
  using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory, along with all TSL packages, is signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata page at
  <URI:http://www.trustix.net/errata/trustix-1.2/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2001/TSLSA-2001-0005-samba.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------
9fddc25d3fc75cc31a550d481fab23f8  ./1.2/SRPMS/samba-2.0.8-1tr.src.rpm
8f55ae93a15e9201858bc313b0a2531e  ./1.2/RPMS/samba-common-2.0.8-1tr.i586.rpm
4d6e05dcdf8a9992d8924f4d210a23eb  ./1.2/RPMS/samba-client-2.0.8-1tr.i586.rpm
2af9cf1e295fee0b064c26e0a65a33c6  ./1.2/RPMS/samba-2.0.8-1tr.i586.rpm
9fddc25d3fc75cc31a550d481fab23f8  ./1.1/SRPMS/samba-2.0.8-1tr.src.rpm
188cd370b8a8fdb1f8796b0d1bd7571f  ./1.1/RPMS/samba-common-2.0.8-1tr.i586.rpm
7e6481da006ba1e98ac80e81f0ae6a1c  ./1.1/RPMS/samba-client-2.0.8-1tr.i586.rpm
198ea59a43c56ce1857ce9a1fcc805bc  ./1.1/RPMS/samba-2.0.8-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE63Z4dwRTcg4BxxS0RAnRFAJsG/hwSznasKcIRI0az0mF2dVlTzQCffOgm
iUZSe8m+1Rg6G15k+y6nDNU=
=g2Yt
-----END PGP SIGNATURE-----
--
Trustix Secure Linux Advisor
Homepage:           http://www.trustix.net/
Errata:             http://www.trustix.net/errata/
Automatic updates:  http://www.trustix.net/pub/Trustix/software/swup/
(6381522) / <tsl@TRUSTIX.COM>/----------------------