[FUG-BR] [Announce] Samba 4.0.2, 3.6.12 and 3.5.21 Security Releases Available for Download

Jose Nilton jniltinho at gmail.com
Wed Jan 30 13:00:30 BRST 2013


Samba version 4.0.2 has been released


2013/1/30 Karolin Seeger <kseeger at samba.org>

> Release Announcements
> ---------------------
>
> Samba 4.0.2, 3.6.12 and 3.5.21 have been issued as security releases in
> order to address CVE-2013-0213 (Clickjacking issue in SWAT) and
> CVE-2013-0214 (Potential XSRF in SWAT).
>
> o  CVE-2013-0213:
>    All current released versions of Samba are vulnerable to clickjacking
>    in the Samba Web Administration Tool (SWAT). When the SWAT pages are
>    integrated into a malicious web page via a frame or iframe and then
>    overlaid by other content, an attacker could trick an administrator to
>    potentially change Samba settings.
>
>    In order to be vulnerable, SWAT must have been installed and enabled
>    either as a standalone server launched from inetd or xinetd, or as a
>    CGI plugin to Apache. If SWAT has not been installed or enabled (which
>    is the default install state for Samba) this advisory can be ignored.
>
> o  CVE-2013-0214:
>    All current released versions of Samba are vulnerable to a cross-site
>    request forgery in the Samba Web Administration Tool (SWAT). By
>    guessing a user's password and then tricking a user who is
>    authenticated with SWAT into clicking a manipulated URL on a different
>    web page, it is possible to manipulate SWAT.
>
>    In order to be vulnerable, the attacker needs to know the victim's
>    password. Additionally SWAT must have been installed and enabled either
>    as a standalone server launched from inetd or xinetd, or as a CGI
>    plugin to Apache. If SWAT has not been installed or enabled (which is
>    the default install state for Samba) this advisory can be ignored.
>
>
> Changes:
> ========
>
> o   Kai Blin <kai at samba.org>
>     * BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
>     * BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
>
>
> #######################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored.  All bug reports should
> be filed under the Samba 4.0 product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6568B7EA).  The source code can be downloaded
> from:
>
>         http://download.samba.org/samba/ftp/stable/
>
> The release notes are available online at:
>
>         http://www.samba.org/samba/history/samba-4.0.2.html
>         http://www.samba.org/samba/history/samba-3.6.12.html
>         http://www.samba.org/samba/history/samba-3.5.21.html
>
> Binary packages will be made available on a volunteer basis from
>
>         http://download.samba.org/samba/ftp/Binary_Packages/
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
>                         --Enjoy
>                         The Samba Team
>



-- 
..............................................................................
*With God all things are possible* :::
LinuxPro<http://www.linuxpro.com.br>

*"Quality is never obtained by accident; it is always the result of
intelligent effort." (John Ruskin)
"The mind that opens to a new idea never returns to its original size"
(Albert Einstein)*
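
The advisory quoted above applies only when SWAT is enabled through inetd or xinetd, or as an Apache CGI. The script below is an added example, not part of the original message or of Samba, that checks the first two cases; the default paths `/etc/inetd.conf` and `/etc/xinetd.d/swat` and the function names are assumptions, and the Apache CGI case is not covered.

```shell
#!/bin/sh
# Added example: is SWAT launched from inetd or xinetd on this host?
# Default paths and function names are assumptions, not taken from the advisory.

# inetd: an uncommented entry whose service field is "swat" enables it.
swat_in_inetd() {
    [ -r "$1" ] || return 1
    awk '$1 !~ /^#/ && $1 == "swat" { found = 1 }
         END { exit !found }' "$1"
}

# xinetd: a "service swat" stanza counts as enabled unless it sets "disable = yes".
swat_in_xinetd() {
    [ -r "$1" ] || return 1
    awk '/^[ \t]*#/ { next }
         $1 == "service" && $2 == "swat" { in_swat = 1; disabled = 0; next }
         in_swat && /^[ \t]*disable[ \t]*=[ \t]*yes/ { disabled = 1 }
         in_swat && index($0, "}") { in_swat = 0; if (!disabled) enabled = 1 }
         END { exit !enabled }' "$1"
}

# Prints "inetd", "xinetd" or "none".
swat_exposure() {
    inetd_conf=${1:-/etc/inetd.conf}
    xinetd_conf=${2:-/etc/xinetd.d/swat}
    if swat_in_inetd "$inetd_conf"; then
        echo inetd
    elif swat_in_xinetd "$xinetd_conf"; then
        echo xinetd
    else
        echo none
    fi
}

# Constructed sample stanza (not from a real host), then the local check.
sample=$(mktemp)
printf '%s\n' 'service swat' '{' '    port = 901' '    disable = no' '}' > "$sample"
echo "sample stanza: $(swat_exposure /nonexistent "$sample")"
rm -f "$sample"
echo "this host: $(swat_exposure)"
```

A result of `none` means neither super-server launches SWAT from the files checked; services defined elsewhere (for example directly in `/etc/xinetd.conf`) need the path passed as an argument.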

