Yellow Dog Linux Security Announcement
--------------------------------------

Package:      samba
Issue Date:   December 27, 2002
Priority:     high
Advisory ID:  YDU-20021227-7

1. Topic:

Updated samba packages are available.

2. Problem:

"New samba packages are available that fix a security vulnerability present in samba versions 2.2.2 through 2.2.6. A potential attacker could gain root access on the target machine. It is strongly encouraged that all Samba users update to the fixed packages. As of this time, there are no known exploits for this vulnerability.

There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password, could be used as a buffer overrun attack on smbd's stack. The attack would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code.

Thanks to the Debian Samba maintainers for discovering this issue, and to the Samba team for providing the fix (and the problem description text above.)"

(from Red Hat advisory)

3. Solution:

a) Updating via apt...

We suggest that you use the apt-get program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system:

    apt-get update
    apt-get install samba

b) Updating manually...

Download the updates below and then run the following rpm command. (Please use a mirror site)

    rpm -Fvh [filenames]

ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/samba-2.2.7-1.7.3.ppc.rpm
ppc/samba-client-2.2.7-1.7.3.ppc.rpm
ppc/samba-common-2.2.7-1.7.3.ppc.rpm
ppc/samba-swat-2.2.7-1.7.3.ppc.rpm

4. Verification

MD5 checksum                      Package
--------------------------------  ----------------------------
559d21c1146d512c7a6ac1da0c83cdb2  ppc/samba-2.2.7-1.7.3.ppc.rpm
eb3d7682e04e53441a3dee963061a536  ppc/samba-client-2.2.7-1.7.3.ppc.rpm
df7ce53aa08e9caac84f9ed8238f3960  ppc/samba-common-2.2.7-1.7.3.ppc.rpm
5bcd151a43833d177c67c13ad52e36eb  ppc/samba-swat-2.2.7-1.7.3.ppc.rpm
572310f3589b194d501b189fd34287ac  SRPMS/samba-2.2.7-1.7.3.src.rpm

If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command:

    rpm --checksig --nogpg filename

5. Misc.

Terra Soft has set up a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
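As an added example (not part of the advisory or of Terra Soft's tooling), the following shell function automates the section 4 check for a batch of downloaded packages: it reads a checksum list in the same "<md5>  <package path>" layout as the table above, recomputes each file's digest with md5sum, and reports missing or mismatching files. The list-file path and the download directory are assumed arguments.

```shell
#!/bin/sh
# verify_advisory_md5 LIST DIR
#   LIST: file with "<md5> <relative package path>" lines, as in section 4
#   DIR:  directory into which the packages were downloaded
# Prints one status line per package; returns 0 only if every listed
# package is present and its md5sum matches the advisory value.
verify_advisory_md5() {
    checksum_list="$1"
    base_dir="$2"
    status=0
    while read -r expected pkg; do
        # Skip blank lines and the table header / rule lines of the advisory.
        case "$expected" in ''|'-'*|MD5) continue ;; esac
        file="$base_dir/$pkg"
        if [ ! -f "$file" ]; then
            echo "MISSING  $pkg"
            status=1
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $pkg"
        else
            # A mismatch means a corrupt or altered download: do not install it.
            echo "MISMATCH $pkg (expected $expected, got $actual)"
            status=1
        fi
    done < "$checksum_list"
    return $status
}
```

Only packages reported OK should be passed to rpm -Fvh; the function's non-zero exit makes it usable as a guard in a download script.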