Yellow Dog Linux Security Advisory: YDU-20030409-3

Troy Vitullo yellowdog-updates@lists.terrasoftsolutions.com
Mon, 14 Apr 2003 11:32:34 -0600


Yellow Dog Linux Security Announcement
--------------------------------------

Package:	samba
Issue Date:	April 09, 2003
Priority:	high
Advisory ID: 	YDU-20030409-3


1. 	Topic:

	Updated samba packages are available.


2. 	Problem:

	Samba, an SMB/CIFS-based file and printer sharing program,
	contains a major security vulnerability that allows an anonymous user to
	gain remote root access. An exploit for this vulnerability is publicly
	available.
	
	All users of Samba are urged to immediately upgrade to the following errata
	packages, which address this vulnerability.


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install samba

   	b) Updating manually...
   	Download the updates below and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]

		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/samba-2.2.8-1.3.0a.ppc.rpm
			ppc/samba-client-2.2.8-1.3.0a.ppc.rpm
			ppc/samba-common-2.2.8-1.3.0a.ppc.rpm
			ppc/samba-swat-2.2.8-1.3.0a.ppc.rpm
			SRPMS/samba-2.2.8-1.3.0a.src.rpm

		Yellow Dog Linux 2.3
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
			ppc/samba-2.2.7-3.7.2.ppc.rpm
			ppc/samba-client-2.2.7-3.7.2.ppc.rpm
			ppc/samba-common-2.2.7-3.7.2.ppc.rpm
			ppc/samba-swat-2.2.7-3.7.2.ppc.rpm
			SRPMS/samba-2.2.7-3.7.2.src.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
d8c322db8e4ef0f148d2752a41eff8f8  ppc/samba-2.2.8-1.3.0a.ppc.rpm
0f77bee72c0b9cd7ada82084cc756c41  ppc/samba-client-2.2.8-1.3.0a.ppc.rpm
37a87249f8cbb976360d4820fede2c21  ppc/samba-common-2.2.8-1.3.0a.ppc.rpm
ef6cf6fec58dc5a4e4887a3acf693d2d  ppc/samba-swat-2.2.8-1.3.0a.ppc.rpm
f13d308578e360c69a6cd767b7936193  SRPMS/samba-2.2.8-1.3.0a.src.rpm

[Yellow Dog Linux 2.3]
5f16ee7e4a67b76db43d8f8d03c27b62  ppc/samba-2.2.7-3.7.2.ppc.rpm
53e81cb0fea731e05fcd93388403b061  ppc/samba-client-2.2.7-3.7.2.ppc.rpm
b02c0aa65611295ea7dc42da6371f71c  ppc/samba-common-2.2.7-3.7.2.ppc.rpm
db6d53460a5098336ca6c2e2f55b5973  ppc/samba-swat-2.2.7-3.7.2.ppc.rpm
10aca5226037157321538eeb324c3bac  SRPMS/samba-2.2.7-3.7.2.src.rpm


If you wish to verify that each package has not been corrupted or tampered with,
compute its MD5 checksum with the following command and compare the result with
the value listed above: md5sum <filename>
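
One way to script the comparison for a whole directory of downloads, as an added example that is not part of the original advisory. The function name verify_packages is hypothetical; it assumes the table from section 4 is supplied on standard input and that md5sum is installed.

```shell
#!/bin/sh
# verify_packages DIR   (hypothetical helper, not from the advisory)
# Reads the advisory's "MD5 checksum  Package" table on stdin and checks each
# listed file, looked up by basename, in DIR. Lines that do not begin with a
# 32-digit hex checksum (column headers, "[Yellow Dog Linux 3.0]" labels,
# blank lines) are ignored. Prints one status line per package and returns 0
# only if at least one file was checked and no checked file mismatched.
verify_packages() {
    dir=$1
    checked=0
    failed=0
    # "|| [ -n "$sum" ]" keeps a final line that lacks a trailing newline
    while read -r sum path || [ -n "$sum" ]; do
        case $sum in
            ""|*[!0-9a-fA-F]*) continue ;;      # not a checksum row
        esac
        [ "${#sum}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        name=${path##*/}                        # drop the ppc/ or SRPMS/ prefix
        if [ ! -f "$dir/$name" ]; then
            echo "SKIPPED   $name (not downloaded)"
            continue
        fi
        expected=$(echo "$sum" | tr 'A-F' 'a-f')
        actual=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$expected" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $expected, got $actual)"
            failed=1
        fi
    done
    # an empty or unparsable table must not be reported as success
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Usage, after sourcing this file and saving section 4 as advisory.txt:
#   verify_packages /path/to/downloads < advisory.txt && echo "all checked files match"
```

Pass to rpm -Fvh only the files reported as OK.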


5. Misc.

Terra Soft has set up a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml