From: Christian PERRIER on
Quoting Jeremy Allison (jra(a)
> Security problem with Samba on Linux
> ------------------------------------
> In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code
> was added to fix a problem with Linux asynchronous IO handling.

Situation for Debian:

- Debian stable isn't affected by this issue (we have 3.2.5+patches there)
- Official backports from aren't affected too (we
have 3.4.5)
- Debian unstable has 3.4.7 since yesterday, a few hours after the
official annoucement. As it had 3.4.6 earlier, users of
Debian unstable *are strongly advised to "apt-get upgrade"*
- Debian experimental has 3.5.1 since about the same time. Users who
follow samba in experimental to have 3.5 should also upgrade

The most important info:

- Debian testing (squeeze) *is* affected as of now. By a very very
infortunate sequence of events, yesterday was the day where 3.4.6
packages that were in unstable aged enough to enter testing.
And they did. Before I could notice (I happen to do paid work
during the day..:-))

So, users of Debian testing should either avoid upgrading today if
they still have 3.4.5 packages or upgrade their systems ASAP
with the packages uploaded yesterday in unstable (you need to do
this manually) if they already upgraded to 3.4.6

3.4.7 packages were bumped to "high" urgency, which means they will
enter testing by Thursday March 11th (I'm unsure about the exact

I don't think that Ubuntu is affected by all this, even the soon to
come Lucid....but this is unverified information.

To unsubscribe from this list go to the following URL and read the