On 05/23/12 10:42 AM, Joao Cardoso wrote:
>
> *Security update 2012.55* � releases from 0.52 to 2011.54 are
> potentially vulnerable to code execution as root by an authenticated
> user if a |command="..."| option is used in |authorized_keys|. Release
> 2012.55 fixes the problem.
Also, will you be stepping up the version of Samba, to fix CVE-2012-1182
(remote root code execution vulnerability)? 3.5.12 was bundled with
RC2, 3.5.14 seems to be the fixed release.
Isn't tracking third-party software fun? Granted, I'm probably the only
person crazy enough to expose my 323 to the internet, but even that's
behind iptables and IPsec. :)