Security 10816 Published by

A samba security update for Debian GNU/Linux has been released



Steve Langasek found an exploitable bug in the password handling code in samba: when converting from DOS code-page to little endian UCS2 unicode a buffer length was not checked and a buffer could be overflowed. There is no known exploit for this, but an upgrade is strongly recommended.

This problem has been fixed in version 2.2.3a-12 of the Debian samba packages and upstream version 2.2.7.
Read more