[Pkg-samba-maint] [Announce] Samba 4.0.4 Security Release Available for Download
Christian PERRIER
bubulle at debian.org
Tue Mar 19 17:35:35 UTC 2013
Quoting Karolin Seeger (kseeger at samba.org):
> Release Announcements
> ---------------------
>
> This is a security release in order to address CVE-2013-1863
> (World-writeable files may be created in additional shares on a
> Samba 4.0 AD DC).
>
> o CVE-2013-1863:
> Administrators of the Samba 4.0 Active Directory Domain
> Controller might unexpectedly find files created world-writeable
> if additional CIFS file shares are created on the AD DC.
> Samba versions 4.0.0rc6 - 4.0.3 (inclusive) are affected by this
> defect.
Unless I'm missing something, "only" our version in experimental is
affected, so the urgency to have 4.0.4 uploaded is not very high.
Also, I understand that the issue affects servers using file services
(am I right?) which is not yet something we support.
I don't have that much free time as of now and won't probably be able
to do the update in a timely manner.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20130319/62f0cfd8/attachment.pgp>
More information about the Pkg-samba-maint
mailing list