[SECURITY] [DSA 2290-1] samba security update

2011-08-0720:14:25

lists.debian.org

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.8%

JSON

Debian Security Advisory DSA-2290-1 [email protected]
http://www.debian.org/security/ Florian Weimer
August 07, 2011 http://www.debian.org/security/faq

Package : samba
Vulnerability : cross-site scripting
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2522 CVE-2011-2694

The Samba Web Administration Tool (SWAT) contains several cross-site
request forgery (CSRF) vulnerabilities (CVE-2011-2522) and a
cross-site scripting vulnerability (CVE-2011-2694).

For the oldstable distribution (lenny), these problems have been fixed in
version 2:3.2.5-4lenny15.

For the stable distribution (squeeze), these problems have been fixed
in version 2:3.5.6~dfsg-3squeeze5.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 2:3.5.10~dfsg-1.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian5ia64libpam-smbpass< 2:3.2.5-4lenny15libpam-smbpass_2:3.2.5-4lenny15_ia64.deb
Debian6mipssamba-dbg< 2:3.5.6~dfsg-3squeeze5samba-dbg_2:3.5.6~dfsg-3squeeze5_mips.deb
Debian5armsamba< 2:3.2.5-4lenny15samba_2:3.2.5-4lenny15_arm.deb
Debian6kfreebsd-amd64winbind< 2:3.5.6~dfsg-3squeeze5winbind_2:3.5.6~dfsg-3squeeze5_kfreebsd-amd64.deb
Debian5powerpclibpam-smbpass< 2:3.2.5-4lenny15libpam-smbpass_2:3.2.5-4lenny15_powerpc.deb
Debian5powerpcsamba-tools< 2:3.2.5-4lenny15samba-tools_2:3.2.5-4lenny15_powerpc.deb
Debian5amd64samba-tools< 2:3.2.5-4lenny15samba-tools_2:3.2.5-4lenny15_amd64.deb
Debian5alphaswat< 2:3.2.5-4lenny15swat_2:3.2.5-4lenny15_alpha.deb
Debian6powerpclibpam-smbpass< 2:3.5.6~dfsg-3squeeze5libpam-smbpass_2:3.5.6~dfsg-3squeeze5_powerpc.deb
Debian6s390samba-common-bin< 2:3.5.6~dfsg-3squeeze5samba-common-bin_2:3.5.6~dfsg-3squeeze5_s390.deb

OS	Version	Architecture	Package	Version	Filename
Debian	5	ia64	libpam-smbpass	< 2:3.2.5-4lenny15	libpam-smbpass_2:3.2.5-4lenny15_ia64.deb
Debian	6	mips	samba-dbg	< 2:3.5.6~dfsg-3squeeze5	samba-dbg_2:3.5.6~dfsg-3squeeze5_mips.deb
Debian	5	arm	samba	< 2:3.2.5-4lenny15	samba_2:3.2.5-4lenny15_arm.deb
Debian	6	kfreebsd-amd64	winbind	< 2:3.5.6~dfsg-3squeeze5	winbind_2:3.5.6~dfsg-3squeeze5_kfreebsd-amd64.deb
Debian	5	powerpc	libpam-smbpass	< 2:3.2.5-4lenny15	libpam-smbpass_2:3.2.5-4lenny15_powerpc.deb
Debian	5	powerpc	samba-tools	< 2:3.2.5-4lenny15	samba-tools_2:3.2.5-4lenny15_powerpc.deb
Debian	5	amd64	samba-tools	< 2:3.2.5-4lenny15	samba-tools_2:3.2.5-4lenny15_amd64.deb
Debian	5	alpha	swat	< 2:3.2.5-4lenny15	swat_2:3.2.5-4lenny15_alpha.deb
Debian	6	powerpc	libpam-smbpass	< 2:3.5.6~dfsg-3squeeze5	libpam-smbpass_2:3.5.6~dfsg-3squeeze5_powerpc.deb
Debian	6	s390	samba-common-bin	< 2:3.5.6~dfsg-3squeeze5	samba-common-bin_2:3.5.6~dfsg-3squeeze5_s390.deb