[20581] in bugtraq
Samba 2.0.9 released - 2.0.8 did NOT fix the hole
daemon@ATHENA.MIT.EDU (Andrew Tridgell)
Thu May 10 21:19:21 2001
Message-ID: <20010508235917.398474687@lists.samba.org>
Date: Tue, 8 May 2001 16:59:17 -0700
Reply-To: tridge@valinux.com
From: Andrew Tridgell <tridge@SEVENOFNINE.SU.VALINUX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
The recent Samba 2.0.8 security fix release did NOT fix the security
hole in Samba 2.0.7. I have now released Samba 2.0.9 to fix this.
Many thanks to Marc Jacobsen from HP for pointing out the error, and
apologies from the Samba Team for any inconvenience.
Note that the 2.2.0 release did fix the bug, so if you have installed
that release then you can ignore this message.
The 2.0.9 release is available at
ftp://ftp.samba.org/pub/samba/samba-2.0.9.tar.gz
the patch is available at:
ftp://ftp.samba.org/pub/samba/patches/samba-2.0.8-2.0.9.diffs.gz
The 2.2.0 release is available at:
ftp://ftp.samba.org/pub/samba/samba-2.2.0.tar.gz
We do not plan on doing any more releases of Samba 2.0.x.
Distribution vendors have been notified about the error and will be
doing new releases shortly.
Cheers, Tridge
