libtalloc, libtdb, samba3x, tdb security update

ID CESA-2010:0698
Type centos
Reporter CentOS Project
Modified 2010-09-15T18:42:24


CentOS Errata and Security Advisory CESA-2010:0698

Samba is a suite of programs used by machines to share files, printers, and other information.

A missing array boundary check was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069)

Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

Merged security bulletin from advisories:

Affected packages: libtalloc libtalloc-devel libtdb libtdb-devel samba3x samba3x-client samba3x-common samba3x-doc samba3x-domainjoin-gui samba3x-swat samba3x-winbind samba3x-winbind-devel tdb-tools

Upstream details at: