Security 10808 Published by

A new security update for Debian GNU/Linux has been released:

DSA-203-1 smb2www -- arbitrary command execution
Robert Luberda found a security problem in smb2www, a Windows Network client that is accessible through a web browser. This could lead a remote attacker to execute arbitrary programs under the user id www-data on the host where smb2www is running.

This problem has been fixed in version 980804-16.1 for the current stable distribution (woody), in version 980804-8.1 of the old stable distribution (potato) and in version 980804-17 for the unstable distribution (sid).

We recommend that you upgrade your smb2www package immediately.
Read more