-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
 Turbolinux Security Advisory TLSA-2004-32
 http://www.turbolinux.co.jp/security/
 security-team@turbolinux.co.jp
--------------------------------------------------------------------------

 Original release date: 08 Dec 2004
 Last revised: 08 Dec 2004

 Package: samba

 Summary: Two vulnerabilities discovered in Samba

 More information:
   Samba is an Open Source/Free Software suite that provides seamless file
   and print services to SMB/CIFS clients. Samba is freely available,
   unlike other SMB/CIFS implementations, and allows for interoperability
   between Linux/Unix servers and Windows-based clients.

   The vulnerabilities:
   - A buffer overflow in the QFILEPATHINFO request handler.
   - A vulnerability in the input validation routines used to match
     filename strings containing wildcard characters.

 Impact:
   The QFILEPATHINFO vulnerability may allow remote attackers to execute
   arbitrary code using a TRANSACT2_QFILEPATHINFO request with a small
   "maximum data bytes" value.
   The wildcard character vulnerability may allow remote authenticated
   users to cause a denial of service of Samba.

 Affected Products:
   - Turbolinux 10 Server

 Solution:
   Please use the turbopkg (zabom) tool to apply the necessary updates.
 ---------------------------------------------
 # turboupdate
 or
 # zabom -u samba samba-debug samba-devel samba-python smbfs
 ---------------------------------------------

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/samba-3.0.6-9.src.rpm
     14965487 017f64907a4710834bbe4c5b4ef8656a

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-3.0.6-9.i586.rpm
     24905738 67747d107a09ea321b0121fb1c14ed8b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-debug-3.0.6-9.i586.rpm
     2919200 36d0da434066e9cd196d59c2361c53ac
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-devel-3.0.6-9.i586.rpm
     750665 1d62e2c6ffda6ccd2de30cb9588d50e4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-python-3.0.6-9.i586.rpm
     4040587 370747fab5f90e825e415f2dd8ff799f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/smbfs-3.0.6-9.i586.rpm
     245422 e7c81bc9e64b934b67f56a75adcb2b63

 Notice:
   After performing the update, it is necessary to restart the smb daemon.
   To do this, run the following command as user root.

 ---------------------------------------------
 # /etc/init.d/smb restart
 or
 # /etc/rc.d/init.d/smb restart
 ---------------------------------------------

 References:

   CVE
   [CAN-2004-0882]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
   [CAN-2004-0930]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930

--------------------------------------------------------------------------
 Revision History
   08 Dec 2004 Initial release
--------------------------------------------------------------------------

 Copyright(C) 2004 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBtrHuK0LzjOqIJMwRAs/dAJ470+XoSwL7ACnHi8lof7mrlU8WlQCeMdR+
VGUiKC92GoISO1Y2l01fdK8=
=4IMT
-----END PGP SIGNATURE-----
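An added example, not part of the Turbolinux advisory: a Python script that parses the advisory's "URL, size, MD5" package entries and checks manually downloaded RPMs against them before installation. The function names (`parse_manifest`, `check_file`, `verify_dir`) are this example's own, and the embedded excerpt holds two entries copied from the list above.

```python
import hashlib
import os
import re
import sys

# Entry layout in this advisory: package URL, then "<size> <md5>".
ENTRY = re.compile(
    r"\S+/(?P<name>[^/\s]+\.rpm)\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\b")

# Two entries copied from the advisory above; paste the full list in practice.
ADVISORY_EXCERPT = """
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/samba-3.0.6-9.src.rpm
    14965487 017f64907a4710834bbe4c5b4ef8656a
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/smbfs-3.0.6-9.i586.rpm
    245422 e7c81bc9e64b934b67f56a75adcb2b63
"""

def parse_manifest(text):
    """Map each package file name in the advisory text to (size, md5)."""
    return {m["name"]: (int(m["size"]), m["md5"]) for m in ENTRY.finditer(text)}

def check_file(path, size, md5):
    """Return 'ok', 'missing', 'size-mismatch' or 'md5-mismatch'."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) != size:  # cheap check before hashing
        return "size-mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"

def verify_dir(manifest, directory):
    """Check every manifest entry against the files in `directory`."""
    return {name: check_file(os.path.join(directory, name), size, md5)
            for name, (size, md5) in manifest.items()}

if __name__ == "__main__":
    # MD5 here only catches a damaged or swapped download; trust in the list
    # itself comes from checking the advisory's PGP signature first.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    results = verify_dir(parse_manifest(ADVISORY_EXCERPT), target)
    for name, status in sorted(results.items()):
        print(f"{status:14} {name}")
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

Run it with the download directory as the only argument; a non-zero exit status means at least one package is missing or does not match the advisory.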