Gentoo Security Advisory GLSA 200404-21 (samba)

The remote host is missing updates announced in advisory GLSA 200404-21.
All users should update to the latest version of the Samba package. The following commands will perform the upgrade: # emerge sync # emerge -pv '>=net-fs/samba-3.0.2a-r2' # emerge '>=net-fs/samba-3.0.2a-r2' Those who are using Samba's password database also need to run the following command: # pdbedit --force-initialized-passwords Those using LDAP for Samba passwords also need to check the sambaPwdLastSet attribute on each account, and ensure it is not 0.
There is a bug in smbfs which may allow local users to gain root via a setuid file on a mounted Samba share. Also, there is a tmpfile symlink vulnerability in the smbprint script distributed with Samba.