Samba 3.0.2 Available for Download - SMB

This is a discussion on Samba 3.0.2 Available for Download - SMB ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here's another holiday release in time to be wrapped up for Valentine's Day. This is the latest stable release of Samba. This is the version that all production Samba servers should be running for ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Samba 3.0.2 Available for Download

  1. Samba 3.0.2 Available for Download

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Here's another holiday release in time to be wrapped up for
    Valentine's Day.

    This is the latest stable release of Samba. This is the version
    that all production Samba servers should be running for all
    current bug-fixes.

    It has been confirmed that previous versions of Samba 3.0 are
    susceptible to a password initialization bug that could grant
    an attacker unauthorized access to a user account created by
    the mksmbpasswd.sh shell script.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CAN-2004-0082 to this issue.

    Samba administrators not wishing to upgrade to the current
    version should download the 3.0.2 release, build the pdbedit
    tool, and run

    ~ root# pdbedit-3.0.2 --force-initialized-passwords

    This will disable all accounts not possessing a valid password
    (e.g. the password field has been set a string of X's).

    Samba servers running 3.0.2 are not vulnerable to this bug
    regardless of whether or not pdbedit has been used to sanitize
    the passdb backend.

    Additionally, some of the more visible bugs in 3.0.1 addressed
    in the 3.0.2 release include:

    ~ o Joining a Samba domain from Pre-SP2 Windows 2000 clients.
    ~ o Logging onto a Samba domain from Windows XP clients.
    ~ o Problems with the %U and %u smb.conf variables in relation
    ~ to Windows 9x/ME clients.
    ~ o Kerberos failures due to an invalid in memory keytab
    ~ detection test.
    ~ o Updates to the ntlm_auth tool.
    ~ o Fixes for various SMB signing errors.
    ~ o Better separation of WINS and DNS queries for domain
    ~ controllers.
    ~ o Issues with nss_winbind FreeBSD and Solaris.
    ~ o Several crash bugs in smbd and winbindd.
    ~ o Output formatting fixes for smbclient for better
    ~ compatibility with scripts based on the 2.2 version.

    The source code can be downloaded from :

    ~ http://download.samba.org/samba/ftp/

    The uncompressed tarball and patch file have been signed
    using GnuPG. The Samba public key is available at

    ~ http://download.samba.org/samba/ftp/samba-pubkey.asc

    Binary packages are available at

    ~ http://download.samba.org/samba/ftp/Binary_Packages/

    A simplified version of the CVS log of updates since 3.0.1
    can be found in the the download directory under the name
    ChangeLog-3.0.1-3.0.2. The release notes are also available
    on-line at

    ~ http://www.samba.org/samba/whatsnew/samba-3.0.2.html

    As always, all bugs (https://bugzilla.samba.org/) are our
    responsibility.

    ~ --Enjoy
    ~ The Samba Team



    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFAJ6KRIR7qMdg1EfYRAokzAJ0bJaBcbBa8WYc2BqU7uN DlaCJlfQCgoKNg
    cs7RA/GvGrjiwNBpxXhLjf8=
    =MomW
    -----END PGP SIGNATURE-----

  2. Re: Samba 3.0.2 Available for Download

    Hello, When will the next stable debian binary package be released?


    "Gerald Carter" wrote in message
    news:4027A291.2090701@hp.com...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Here's another holiday release in time to be wrapped up for
    > Valentine's Day.
    >
    > This is the latest stable release of Samba. This is the version
    > that all production Samba servers should be running for all
    > current bug-fixes.
    >
    > It has been confirmed that previous versions of Samba 3.0 are
    > susceptible to a password initialization bug that could grant
    > an attacker unauthorized access to a user account created by
    > the mksmbpasswd.sh shell script.
    >
    > The Common Vulnerabilities and Exposures project (cve.mitre.org)
    > has assigned the name CAN-2004-0082 to this issue.
    >
    > Samba administrators not wishing to upgrade to the current
    > version should download the 3.0.2 release, build the pdbedit
    > tool, and run
    >
    > ~ root# pdbedit-3.0.2 --force-initialized-passwords
    >
    > This will disable all accounts not possessing a valid password
    > (e.g. the password field has been set a string of X's).
    >
    > Samba servers running 3.0.2 are not vulnerable to this bug
    > regardless of whether or not pdbedit has been used to sanitize
    > the passdb backend.
    >
    > Additionally, some of the more visible bugs in 3.0.1 addressed
    > in the 3.0.2 release include:
    >
    > ~ o Joining a Samba domain from Pre-SP2 Windows 2000 clients.
    > ~ o Logging onto a Samba domain from Windows XP clients.
    > ~ o Problems with the %U and %u smb.conf variables in relation
    > ~ to Windows 9x/ME clients.
    > ~ o Kerberos failures due to an invalid in memory keytab
    > ~ detection test.
    > ~ o Updates to the ntlm_auth tool.
    > ~ o Fixes for various SMB signing errors.
    > ~ o Better separation of WINS and DNS queries for domain
    > ~ controllers.
    > ~ o Issues with nss_winbind FreeBSD and Solaris.
    > ~ o Several crash bugs in smbd and winbindd.
    > ~ o Output formatting fixes for smbclient for better
    > ~ compatibility with scripts based on the 2.2 version.
    >
    > The source code can be downloaded from :
    >
    > ~ http://download.samba.org/samba/ftp/
    >
    > The uncompressed tarball and patch file have been signed
    > using GnuPG. The Samba public key is available at
    >
    > ~ http://download.samba.org/samba/ftp/samba-pubkey.asc
    >
    > Binary packages are available at
    >
    > ~ http://download.samba.org/samba/ftp/Binary_Packages/
    >
    > A simplified version of the CVS log of updates since 3.0.1
    > can be found in the the download directory under the name
    > ChangeLog-3.0.1-3.0.2. The release notes are also available
    > on-line at
    >
    > ~ http://www.samba.org/samba/whatsnew/samba-3.0.2.html
    >
    > As always, all bugs (https://bugzilla.samba.org/) are our
    > responsibility.
    >
    > ~ --Enjoy
    > ~ The Samba Team
    >
    >
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.2.1 (GNU/Linux)
    > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    >
    > iD8DBQFAJ6KRIR7qMdg1EfYRAokzAJ0bJaBcbBa8WYc2BqU7uN DlaCJlfQCgoKNg
    > cs7RA/GvGrjiwNBpxXhLjf8=
    > =MomW
    > -----END PGP SIGNATURE-----




+ Reply to Thread