New Samba packages are available for Red Hat Linux 5.2, 6.2, 7, and 7.1. These packages fix a security problem with remote clients giving special NetBIOS names to the server. It is recommended that all Samba users upgrade to the fixed packages. Please note that the packages for Red Hat Linux 6.2 require an updated logrotate package. UPDATE: The packages for Red Hat Linux 5.2 have been updated. The original packages detected the availability of syscalls present in kernels newer than 2.2. Red Hat Linux 5.2 has a 2.0 kernel, and users will experience various problems when these syscalls are used. This release removes the detection of these syscalls from the autoconf script.
The Samba configuration used in Red Hat Linux logs operations into [remotenetbiosname].log. By sending an invalid NetBIOS name, Samba could be fooled to write its log in unintended and inappropriate locations. This can be especially dangerous if combined with a symlink created by a local user.