[Pkg-samba-maint] [Announce] Samba 4.0.4 Security Release Available for Download

Andrew Bartlett abartlet at samba.org
Wed Mar 20 06:28:37 UTC 2013


On Tue, 2013-03-19 at 18:35 +0100, Christian PERRIER wrote:
> Quoting Karolin Seeger (kseeger at samba.org):
> > Release Announcements
> > ---------------------
> > 
> > This is a security release in order to address CVE-2013-1863
> > (World-writeable files may be created in additional shares on a
> > Samba 4.0 AD DC).
> > 
> > o  CVE-2013-1863:
> >    Administrators of the Samba 4.0 Active Directory Domain
> >    Controller might unexpectedly find files created world-writeable
> >    if additional CIFS file shares are created on the AD DC.
> >    Samba versions 4.0.0rc6 - 4.0.3 (inclusive) are affected by this
> >    defect.
> 
> 
> Unless I'm missing something, "only" our version in experimental is
> affected, so the urgency to have 4.0.4 uploaded is not very high.
> 
> Also, I understand that the issue affects servers using file services
> (am I right?) which is not yet something we support. 
> 
> I don't have that much free time as of now and won't probably be able
> to do the update in a timely manner.

As I tried to make clear in the announcement, this doesn't impact
Debian, as you don't even ship this mode of operation.  

I would like to fix that (hence my packaging work), but this isn't
anything that needs to be worried about right now.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




