libtalloc, libtdb, samba3x, tdb security update

2010-09-15T18:42:24
ID CESA-2010:0698
Type centos
Reporter CentOS Project
Modified 2010-09-15T18:42:24

Description

CentOS Errata and Security Advisory CESA-2010:0698

Samba is a suite of programs used by machines to share files, printers, and other information.

A missing array bounds check was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069)

Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2010-September/017004.html
http://lists.centos.org/pipermail/centos-announce/2010-September/017005.html

Affected packages:
libtalloc
libtalloc-devel
libtdb
libtdb-devel
samba3x
samba3x-client
samba3x-common
samba3x-doc
samba3x-domainjoin-gui
samba3x-swat
samba3x-winbind
samba3x-winbind-devel
tdb-tools

Upstream details at: https://rhn.redhat.com/errata/RHSA-2010-0698.html