Announcing Samba1.9.18p6 and more :^)

[A message from Andrew Tridgell]
I've just released version 1.9.18p6 of Samba.

This release is in response to a potential security hole pointed out
by Drago on BugTraq. The security hole involed a buffer overflow in
the filename handling in reply_*()

It is not at all clear that the security hole is actually
exploitable. The existing code that checks for buffer overflows in
Samba does catch the proposed exploit as posted to BugTraq but we
considered it a grave enough risk that an immediate patch release is
warranted. Note that if the hole is exploitable then it will only be
possible to exploit it if the attacker already has write access to the
exported filesystem.

It is highly recommended that everyone upgrade to version 1.9.18p6 of
Samba to avoid any possible exposure to this security hole.

The new release is available from ftp://samba.org/pub/samba/

Cheers, Andrew

[And a message from Jerrimy Allison]
Hi all,

        Over the weekend (isn't it always :-), someone
on the BugTraq list posted an analysis (not exploit code)
of a potential buffer overrun in Samba, that has been
present in all versions (including 1.9.18p5). As Andrew
Tridgell was working over the weekend he quickly produced
a fix for this (it was a problem with code using sprintf)
and released it as 1.9.18p6 on Sunday, May 11th.

Please note that there is no published root exploit for this
problem, other than a denial of service (which is still very
serious).

Unfortunately, in the haste to fix the problem he used
a non-POSIX api, memalign(), in code to simulate the
snprintf() call that sprintf was replaced with. This and
some of the fix code has caused compile problems on some
UNIX systems.

In order to fix these compile problems on as wide a
range of systems as possible, I'd appreciate it if
people could send me the man pages for the following
functions on their systems.

These functions are :

vsnprintf
getpagesize
sysconf
memalign
mprotect
valloc

People with the following systems need not send man
pages, as the Samba Team already has access to these
and we will check ourselves :

SGI IRIX (all versions).
Sun Solaris (versions 2.4 or above).
Linux (all versions)
FreeBSD (all versions)

When sending the man pages please remember to mention
what system these pages are for : eg. HPUX 10.x, HPUX 9.x
SunOS 4.x etc.

Please send the man pages to samba-bugs@samba.org

Thanks in advance,

	Jeremy Allison,
	Samba Team.