: Log in!

メインメニュー
Google


ウェブ 検索
サイト内検索
トップ  >  Linux10歩  >  2010-03-09 openssh,sambaのupdate

20100309 openssh-5.4p1にupdateしました

内容

・デフォルトでProtocol 2 になりました
 Protocol 1 を併用する場合はconfigファイルで指定する必要があります

configファイルの変更点 5.3p1 → 5.4p1

diff -ur openssh53/ssh_config openssh54/ssh_config
--- openssh53/ssh_config 2009-10-02 08:31:30.000000000 +0900
+++ openssh54/ssh_config 2010-03-09 17:37:13.000000000 +0900
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
+# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
@@ -44,3 +44,4 @@
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
+# ProxyCommand ssh -q -W %h:%p gateway.example.com
diff -ur openssh53/sshd_config openssh54/sshd_config
--- openssh53/sshd_config 2009-10-02 08:31:30.000000000 +0900
+++ openssh54/sshd_config 2010-03-09 17:37:14.000000000 +0900
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -15,10 +15,8 @@
#ListenAddress 0.0.0.0
#ListenAddress ::

-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
+# The default requires explicit activation of protocol 1
+#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key


Changelog

・詳細はopensshサイトのPortability ChangeLogを参照してください




20100309 samba-3.5.1にupdateしました

内容

・デフォルトのsmb.confの変更はありません
・readmeの関係でエラーが出る場合
 configureでLDFLAGS="-Wl,--no-as-needed"を追加します

Release Notes for Samba 3.5.1 March 8, 2010

This is a security release in order to address CVE-2010-0728.

o CVE-2010-0728:
In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
was added to fix a problem with Linux asynchronous IO handling.
This code introduced a bad security flaw on Linux platforms if the
binaries were built on Linux platforms with libcap support.
The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
capabilities, allowing all file system access to be allowed
even when permissions should have denied access.

Changes since 3.5.0
-------------------

o Jeremy Allison <jra at samba.org>
* BUG 7222: Fix for CVE-2010-0728.


投票数:51 平均点:6.86
前
2010-03-07 httpd(apache)のsecurity
カテゴリートップ
Linux10歩
次
2010-03-10 dovecot,phpmyadminのupgrade