Re: CVE-2012-1182 patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 04/16/2012 05:45 PM, Earl J Sanchez wrote:
Hi,

We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at
the samba site for patches for the CVE-2012-1182 vulnerability, but the
closest patch versions I see  are for samba 3.4.15&  3.4.16.
Is there a specific patch to fix samba 3.4.2?

Also, since we are patching, is there a cluster of patches available
specifically for samba 3.4.2?
No we produce patches always for the latest version in a given branch (3.4, 3.5, 3.6, ...), if the samba that you are using is the one that was packaged by Sun and if you are still under support by Oracle then ask them for an update. If you build your own samba then you have two options:

* try to backport the patches between 3.4.14 and 3.4.15 as they all are related to the security fix
* upgrade to 3.4.15

The backport should work pretty easily as it's related to generated code and shouldn't be much impacted by the fixes made between 3.4.2 and 3.4.14. Upgrade to 3.4.15 should be doable too as we just push minor fix between version in the same branch.

Matthieu.


--
Matthieu Patou
Samba Team
http://samba.org

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux