From: Lars Müller on
On Mon, Mar 08, 2010 at 02:08:27PM -0800, Jeremy Allison wrote:
> Security problem with Samba on Linux
> ------------------------------------
>
> In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code
> was added to fix a problem with Linux asynchronous IO handling.

As the SUSE Samba binaries are not linked against libcap, we are not
affected in any shipping products. Therefore no action is required from
SUSE users.

Nevertheless https://bugzilla.samba.org/show_bug.cgi?id=7222
CVE-2010-0728 and https://bugzilla.novell.com/show_bug.cgi?id=586683 are
noted in the package change log as reference to this security issue.

3.5.1 got already merged into the current openSUSE development tree
(Factory).

Binaries of current Samba version are available from the openSUSE Build
Service by the network:samba:STABLE repository. More information about
this service, Samba and SUSE is available from
http://en.openSUSE.org/Samba

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany